Re: Decode As... support

[Chris Maynard <Chris.Maynard () gtech com>]

Akos Vandra <axos88@...> writes:

> I would like to ask how does the Decode As... functionality work in wireshark?
> I have a CAN network, and on top of it there may be different
> higher-level protocols, depending on application.
> There is no identifier which would say that this belongs to protocol
> A, or protocol B.
>
> I think the best solution would be for the user to say that this
> network has proto A or proto B on top of CAN, and then it would pass
> the whole traffic to dissector B.
> I guess this would be the puprose of the Decode As... option, but how
> can I use it from within the CAN dissector code?

Akos Vandra <axos88@...> writes:

> I guess this would be the puprose of the Decode As... option, but how
> can I use it from within the CAN dissector code?

I think one way would be for the CAN dissector to be modified so it registers a
dissector table that proto A, proto B, ... can then add their handle to.  For
example (warning - untested pseudocode):

packet-socketcan.c:
proto_register_socketcan() {
    ...
    can_dissector_table = register_dissector_table("can_somename", "CAN
some_ui_name", FT_SOMETYPE, BASE_SOMEBASE);
    ...
}

protoA.c:
proto_reg_handoff_protoA() {
    ...
    protoA_can_handle = create_dissector_handle(dissect_protoA, proto_protoA);
    dissector_add_handle("can_somename", protoA_can_handle);
    ...
}

Look in the Wirehshark sources at other dissectors for more/better examples.
- Chris


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe