Revision history [back]
How do we override the underlying udp dissector?
I've created the minimal packet-foo dissector verbatim from code in the documentation. It compiles (VS 2017) and I can see in Wireshark that it's registered and enabled.
In debug mode I hit break points in methods proto_register_foo and proto_reg_handoff_foo. When I send a message to FOO_PORT I hit a breakpoint in dissect_udp. I never hit a breakpoint in dissect_foo.
Is there something needed to explicitly make a dissector override (is that the right term) an underlying type, in this case udp? The only thing I see in code id this:
dissector_add_uint("udp.port", FOO_PORT, foo_handle);
Getting ahead of things, would adding this line also override the tcp dissector?
dissector_add_uint("tcp.port", FOO_PORT, foo_handle);
Thx
How do we override the underlying udp dissector?
I've created the minimal packet-foo dissector verbatim from code in the documentation. documentation. It compiles (VS 2017) and I can see in Wireshark that it's registered and enabled.
In debug mode I hit break points in methods proto_register_foo and proto_reg_handoff_foo. When I send a message to FOO_PORT I hit a breakpoint in dissect_udp. I never hit a breakpoint in dissect_foo.
Is there something needed to explicitly make a dissector override (is that the right term) an underlying type, in this case udp? The only thing I see in code id this:
dissector_add_uint("udp.port", FOO_PORT, foo_handle);
Getting ahead of things, would adding this line also override the tcp dissector?
dissector_add_uint("tcp.port", FOO_PORT, foo_handle);
Thx