</para>
<para>
There is little difference in having your dissector as either a plugin
- or built-in. On the Win32 platform you have limited function access
- through what's listed in libwireshark.def, but that is mostly complete.
+ or built-in. On the Windows platform you have limited function access
+ through what's listed in <filename>libwireshark.def</filename>,
+ but that is mostly complete.
</para>
<para>
The big plus is that your rebuild cycle for a plugin is much shorter
</para>
<para>
- First we'll call the proto_register_protocol function which registers the protocol.
- We can give it three names that will be used for display in various places.
+ First we'll call the <function>proto_register_protocol()</function> function
+ which registers the protocol.
+ We can give it three names that will be used for display in various places.
The full and short name are used in e.g. the "Preferences" and "Enabled protocols"
dialogs as well as the generated field name list in the documentation.
The abbreviation is used as the display filter name.
so that the main program will know to call us when it gets UDP traffic on that port.
</para>
<para>
- The stardard Wireshark dissector convention is to put proto_register_foo and
- proto_reg_handoff_foo as the last two functions in the dissector source.
+ The stardard Wireshark dissector convention is to put
+ <function>proto_register_foo()</function> and <function>proto_reg_handoff_foo()</function>
+ as the last two functions in the dissector source.
</para>
<para>
Now at last we get to write some dissecting code. For the moment we'll
</para>
<para>
For now we'll do the minimum we can get away with.
- The first two lines check to see if the Protocol column is being displayed in
- the UI. If it is, we set the text of this to our protocol, so everyone
- can see it's been recognised.
+ In the first line we set the text of this to our protocol, so everyone
+ can see it's being recognised.
The only other thing we do is to clear out any data in the INFO column
if it's being displayed.
</para>
</para>
<para>
In order to compile this dissector and create a plugin a couple of support files
- are required, besides the dissector source in packet-foo.c:
+ are required, besides the dissector source in <filename>packet-foo.c</filename>:
<itemizedlist>
<listitem><para>
Makefile.am - This is the UNIX/Linux makefile template
plugin.rc.in - This contains the DLL resource template for Windows
</para></listitem>
</itemizedlist>
- You can find a good example for these files in the interlink plugin directory. Makefile.common
- and Makefile.am have to be modified to reflect the relevant files and dissector name.
- moduleinfo.h and moduleinfo.nmake have to be filled in with the version information.
+ You can find a good example for these files in the interlink plugin directory.
+ <filename>Makefile.common</filename> and <filename>Makefile.am</filename> have to
+ be modified to reflect the relevant files and dissector name.
+ <filename>moduleinfo.h</filename> and <filename>moduleinfo.nmake</filename> have
+ to be filled in with the version information.
Compile the dissector to a DLL or shared library and copy it into the plugin
directory of the installation.
</para>
it is called to get a summary of the packet, in the other case it is
called to look into details of the packet. These two cases can be
distinguished by the tree pointer. If the tree pointer is NULL, then
- we are being asked for a summary. If it is non null, we can pick apart
+ we are being asked for a summary. If it is non NULL, we can pick apart
the protocol for display. So with that in mind, let's enhance our dissector.
</para>
<example><title>Plugin Packet Dissection.</title>
We are also marking the area of data that is being consumed by this
protocol. In our case it's all that has been passed to us, as we're assuming
this protocol does not encapsulate another.
- Therefore, we add the new tree node with proto_tree_add_item, adding
- it to the passed in tree, label it with the protocol, use the passed in
+ Therefore, we add the new tree node with <function>proto_tree_add_item()</function>,
+ adding it to the passed in tree, label it with the protocol, use the passed in
tvb buffer as the data, and consume from 0 to the end (-1) of this data.
The FALSE we'll ignore for now.
</para>
<para>
Now let's go to the next step and add some protocol dissection.
For this step we'll need to construct a couple of tables that help with dissection.
- This needs some additions to the proto_register_foo function shown previously.
+ This needs some additions to the <function>proto_register_foo()</function>
+ function shown previously.
</para>
<para>
- Two statically allocated arrays are added at the beginning of proto_register_foo. The
- arrays are then registered after the call to proto_register_protocol.
+ Two statically allocated arrays are added at the beginning of
+ <function>proto_register_foo()</function>. The arrays are then registered after
+ the call to <function>proto_register_protocol()</function>.
</para>
<example><title>Registering data structures.</title>
<programlisting>
}]]>
</programlisting></example>
<para>
- The variables hf_foo_pdu_type and ett_foo also need to be declared
- somewhere near the top of the file.
+ The variables <varname>hf_foo_pdu_type</varname> and <varname>ett_foo</varname>
+ also need to be declared somewhere near the top of the file.
</para>
<example><title>Dissector data structure globals.</title>
<programlisting>
that defines the packet type for foo protocol.
</para>
<para>
- The proto_item_add_subtree call has added a child node to the protocol tree
- which is where we will do our detail dissection. The expansion of this
- node is controlled by the ett_foo variable. This remembers if the node should
- be expanded or not as you move between packets.
- All subsequent dissection will be added to this tree, as you can see from the next call.
- A call to proto_tree_add_item in the foo_tree, this time using the
- hf_foo_pdu_type to control the formatting of the item. The pdu type
- is one byte of data, starting at 0. We assume it is in network order,
- so that is why we use FALSE. Although for 1 byte there is no order issue
- it's best to keep this correct.
+ The <function>proto_item_add_subtree()</function> call has added a child node
+ to the protocol tree which is where we will do our detail dissection.
+ The expansion of this node is controlled by the <varname>ett_foo</varname>
+ variable. This remembers if the node should be expanded or not as you move
+ between packets. All subsequent dissection will be added to this tree,
+ as you can see from the next call.
+ A call to <function>proto_tree_add_item()</function> in the <varname>foo_tree</varname>,
+ this time using the <varname>hf_foo_pdu_type</varname> to control the formatting
+ of the item. The pdu type is one byte of data, starting at 0. We assume it is
+ in network order, so that is why we use FALSE. Although for 1 byte there is
+ no order issue it's best to keep this correct.
</para>
<para>
- If we look in detail at the hf_foo_pdu_type declaration in the static array
- we can see the details of the definition.
+ If we look in detail at the <varname>hf_foo_pdu_type</varname> declaration in
+ the static array we can see the details of the definition.
</para>
<itemizedlist>
<listitem><para>
</para></listitem>
<listitem><para>
BASE_DEC - for an integer type, this tells it to be printed as a decimal
- number. It could be BASE_HEX or BASE_OCT if that made more sense.
+ number. It could be hexdecimal (BASE_HEX) or octal (BASE_OCT) if that made more sense.
</para></listitem>
</itemizedlist>
<para>
</para>
<para>
Now let's finish off dissecting the simple protocol. We need to add a few
- more variables to the hf array, and a couple more procedure calls.
+ more variables to the <varname>hf</varname> array, and a couple more procedure calls.
</para>
<example><title>Wrapping up the packet dissection.</title>
<programlisting>
</programlisting></example>
<para>
This dissects all the bits of this simple hypothetical protocol. We've introduced a new
- variable offset into the mix to help keep track of where we are in the packet dissection.
- With these extra bits in place, the whole protocol is now dissected.
+ variable <varname>offset</varname> into the mix to help keep track of where we are in
+ the packet dissection. With these extra bits in place, the whole protocol is now dissected.
</para>
</section>
<section><title>Improving the dissection information</title>
There is some useful support for this sort of thing by adding a couple of extra things.
First we add a simple table of type to name.
</para>
- <example><title>Naming the packet types.</title>
+ <example><title>Naming the packet types.</title>
<programlisting>
<![CDATA[static const value_string packettypenames[] = {
{ 1, "Initialise" },
do that, as the support code already has that added in. We just have to give
these details to the appropriate part of the data, using the VALS macro.
</para>
- <example><title>Adding Names to the protocol.</title>
+ <example><title>Adding Names to the protocol.</title>
<programlisting>
<
git.samba.org / obnox / wireshark / wip.git / commitdiff