Wireshark mailing list archives

Re: Question regarding LTE RRC dissectors


From: Pascal Quantin <pascal.quantin () gmail com>
Date: Thu, 3 Dec 2015 00:14:09 +0100

On 3 Dec 2015 12:06 AM, "Jagadeesan, Viswanathan" <
vjagadee () qti qualcomm com> wrote:

Hi Pascal



As I know, Wireshark calls the RRC dissector if the packet
has RRC payload of MAC->RLC->PDCP, otherwise it wouldn't invoke it. We need
something like

Ethernet MAC + IP + UDP + LTE RRC instead of Ethernet MAC + IP + UDP +
MAC + RLC + PDCP + RRC.

So you are definitely taking the wrong approach.
You could create a custom plugin registering on a given UDP port that would
extract from the UDP payload some metadata identifying the LTE RRC
channel and the message payload, then calling the right dissector. All are
registered by name (as seen in packet-lte-rrc.c) and can be called from a
plugin.
You should not try to duplicate LTE RRC code.




Any suggestions?



Thanks, Viswa





From: Pascal Quantin [mailto:pascal.quantin () gmail com]
Sent: Wednesday, December 02, 2015 5:46 PM
To: Jagadeesan, Viswanathan
Cc: wireshark-dev () wireshark org
Subject: Re: Question regarding LTE RRC dissectors







2015-12-02 23:36 GMT+01:00 Jagadeesan, Viswanathan <
vjagadee () qti qualcomm com>:





From: Jagadeesan, Viswanathan
Sent: Wednesday, December 02, 2015 5:35 PM
To: 'pascal.quantin () gmail com'
Subject: Question regarding LTE RRC dissectors



Hi



Follow-up question: it creates the dissector DLL for
RRC successfully, but when it loads in Wireshark, it throws an error: "The
procedure entry point dissect_lpp_Ellipsoid_Point_PDU could not be located
in the dynamic link libwireshark.dll"

Any suggestions?



Hi,

as explained in your question on ask.wireshark.org (
https://ask.wireshark.org/questions/48152/lte-rrc-dissector-linker-issue)
this symbol is not exported by Wireshark. So your plugin will not work with
a standard Wireshark version.

You have not explained yet why you try to duplicate the already existing
LTE RRC dissector. If your changes are intrusive enough to require
accessing those functions, you should probably modify the source of LTE RRC
dissector directly and compile your own version of Wireshark, rather than
making a plugin. Or you will need to copy / paste plenty of code in your
own plugin, but that could collide with the embedded dissector.

But without knowing your own constraints, we cannot really confirm
whether the choice to make a plugin was the best one or not.



Best regards,

Pascal.


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
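
The approach Pascal suggests above (a small plugin registered on a UDP port that reads channel metadata and hands the payload to the existing LTE RRC dissector by name), written as a Lua dissector. This is an added example, not code from the thread or from Wireshark. The one-byte channel header, the port number and the exact dissector name strings are assumptions; check the names against the register_dissector() calls in packet-lte-rrc.c for your build.

```lua
-- Added example, not from the thread. Hypothetical framing (an assumption):
--   byte 0   : logical channel id (see CHANNELS below)
--   byte 1.. : ASN.1 PER-encoded LTE RRC message
local UDP_PORT = 9999  -- assumption: the port your capture tool sends to

local p = Proto("rrcudp", "LTE RRC over UDP (example framing)")
local f_chan = ProtoField.uint8("rrcudp.channel", "Logical channel", base.DEC)
p.fields = { f_chan }

-- Assumption: name strings vary between Wireshark versions; confirm them
-- in packet-lte-rrc.c. Names that are not registered are skipped safely.
local CHANNELS = {
    [0] = "lte_rrc.bcch_bch",
    [1] = "lte_rrc.bcch_dl_sch",
    [2] = "lte_rrc.pcch",
    [3] = "lte_rrc.dl_ccch",
    [4] = "lte_rrc.dl_dcch",
    [5] = "lte_rrc.ul_ccch",
    [6] = "lte_rrc.ul_dcch",
}

-- Resolve the built-in dissectors once at load time instead of per packet.
local handles = {}
for id, name in pairs(CHANNELS) do
    handles[id] = Dissector.get(name)  -- nil when the name is not registered
end

function p.dissector(tvb, pinfo, tree)
    -- Need the header byte plus at least one payload byte.
    if tvb:len() < 2 then return 0 end

    local hdr = tree:add(p, tvb(0, 1))
    hdr:add(f_chan, tvb(0, 1))

    local sub = handles[tvb(0, 1):uint()]
    if not sub then
        -- Unknown id or unregistered name: flag it rather than guess.
        hdr:add_expert_info(PI_MALFORMED, PI_WARN,
                            "No LTE RRC dissector for this channel id")
        return 1
    end

    -- Hand only the RRC bytes to the existing dissector; no RRC code is copied.
    sub:call(tvb(1):tvb(), pinfo, tree)
    return tvb:len()
end

DissectorTable.get("udp.port"):add(UDP_PORT, p)
```

Because the script only looks dissectors up by name, it does not link against unexported libwireshark symbols.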
