Wireshark mailing list archives
Re: Decode As... support
From: Akos Vandra <axos88 () gmail com>
Date: Thu, 29 Dec 2011 21:16:42 +0200
Yeah, I did that, I added a heuristic dissector table, and added protoA and protoB to them. Now Wireshark always uses protoA to dissect (it should, because protoA has no way to know that the packet is not for it, because the whole message space is covered by it). I also added protoB, and if I disable protoA, it processes the packets with protoB dissector, however it would be nicer if I could choose decode as... protoB.

My code here:

packet-socketcan.c:
    register_heur_dissector_list("can", &heur_subdissector_list);

packet-cannp.c:
    heur_dissector_add("can", dissect_cannp, proto_cannp);

packet-cannection.c:
    heur_dissector_add("can", dissect_cannection, proto_cannection);

Regards,
Ákos

On 29 December 2011 19:06, Chris Maynard <Chris.Maynard () gtech com> wrote:
> Akos Vandra <axos88@...> writes:
>
> > I would like to ask how does the Decode As... functionality work in
> > Wireshark? I have a CAN network, and on top of it there may be different
> > higher-level protocols, depending on application. There is no identifier
> > which would say that this belongs to protocol A, or protocol B. I think
> > the best solution would be for the user to say that this network has
> > proto A or proto B on top of CAN, and then it would pass the whole
> > traffic to dissector B.
> >
> > I guess this would be the purpose of the Decode As... option, but how can
> > I use it from within the CAN dissector code?
>
> I think one way would be for the CAN dissector to be modified so it
> registers a dissector table that proto A, proto B, ... can then add their
> handle to. For example (warning - untested pseudocode):
>
> packet-socketcan.c:
>     proto_register_socketcan()
>     {
>         ...
>         can_dissector_table = register_dissector_table("can_somename",
>             "CAN some_ui_name", FT_SOMETYPE, BASE_SOMEBASE);
>         ...
>     }
>
> protoA.c:
>     proto_reg_handoff_protoA()
>     {
>         ...
>         protoA_can_handle = create_dissector_handle(dissect_protoA,
>             proto_protoA);
>         dissector_add_handle("can_somename", protoA_can_handle);
>         ...
>     }
>
> Look in the Wireshark sources at other dissectors for more/better examples.
>
> - Chris
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
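The dispatch behaviour discussed in this thread, as an added example that is not part of the original messages and is not Wireshark code: a small self-contained C model in which a heuristic list always picks protoA, while a user-selected handle ("Decode As...") takes precedence. All function and variable names are hypothetical; protoA and protoB are the thread's own placeholders.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model, NOT Wireshark's API: every name here is hypothetical. */
typedef int (*dissect_fn)(const unsigned char *data, size_t len);

typedef struct { const char *name; dissect_fn fn; int enabled; } handle_t;

/* protoA covers the whole message space, so its heuristic never rejects. */
static int dissect_proto_a(const unsigned char *d, size_t n) { (void)d; return n > 0; }
/* protoB also accepts any non-empty payload; CAN carries no discriminator. */
static int dissect_proto_b(const unsigned char *d, size_t n) { (void)d; return n > 0; }

static handle_t can_handles[] = {
    { "protoA", dissect_proto_a, 1 },
    { "protoB", dissect_proto_b, 1 },
};
#define N_HANDLES (sizeof can_handles / sizeof can_handles[0])

/* Set by the user ("Decode As..."); NULL means no explicit choice. */
static const handle_t *decode_as_choice = NULL;

/* Returns 0 on success, -1 if no registered handle has that name. */
int set_decode_as(const char *name)
{
    if (name == NULL) { decode_as_choice = NULL; return 0; }
    for (size_t i = 0; i < N_HANDLES; i++)
        if (strcmp(can_handles[i].name, name) == 0) {
            decode_as_choice = &can_handles[i];
            return 0;
        }
    return -1;
}

/* Heuristic list: first enabled dissector that accepts the payload wins. */
const char *dispatch_heuristic(const unsigned char *d, size_t n)
{
    for (size_t i = 0; i < N_HANDLES; i++)
        if (can_handles[i].enabled && can_handles[i].fn(d, n))
            return can_handles[i].name;
    return "data";
}

/* Handle table: the user's choice is tried first, heuristics are the fallback. */
const char *dispatch_can(const unsigned char *d, size_t n)
{
    if (decode_as_choice && decode_as_choice->enabled && decode_as_choice->fn(d, n))
        return decode_as_choice->name;
    return dispatch_heuristic(d, n);
}
```

With no explicit choice the model reproduces the behaviour described in the reply (protoA always wins unless it is disabled); after `set_decode_as("protoB")` the same payload goes to protoB without disabling anything.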