Wireshark mailing list archives
Re: Ethernet dissector
From: Antonello Tartamo <antonellotartamo () gmail com>
Date: Sun, 23 May 2021 17:58:29 +0200
The problem is that I don't have a predefined ether type as the ether type field is used as length field. Is there any other way to reuse the ethernet dissector ? Thanks in advance Il giorno dom 23 mag 2021 alle ore 16:12 Richard Sharpe < realrichardsharpe () gmail com> ha scritto:
On Sun, May 23, 2021 at 5:06 AM Antonello Tartamo <antonellotartamo () gmail com> wrote:Hello everyone, I'm trying to create an ethernet dissector for a custom protocol workingon L2.In proto_reg_handoff_myproto() function I've called: heur_dissector_add("eth", dissect_myproto, "MyProtocol", "mp", proto_mp,HEURISTIC_ENABLE);eth_handle = find_dissector("eth_withoutfcs"); then in the dissect_myproto function when I call: tvbuff_t* next_tvb = tvb_new_subset_remaining(tvb, 0); int new_off = call_dissector(eth_handle, tvb, pinfo, tree); return new_off; I get the following two errors on the terminal: ** (wireshark:11483): WARNING **: 07:31:59.826: Dissector bug, protocolEthernet, in packet 12: /home/osboxes/Devel/wireshark/epan/packet.c:2794: failed assertion "saved_layers_len < 500"** (wireshark:11483): WARNING **: 07:31:59.826: Dissector bug, protocolEthernet, in packet 12: /home/osboxes/Devel/wireshark/epan/packet.c:775: failed assertion "saved_layers_len < 500"I'm running the development wireshark with ./run/wireshark. I think the error is due to the fact the both the heuristic dissectorand the "find_dissector" are ethernet based.Is there another way to reuse the ethernet dissector and avoid manuallyadding to the tree the src/dst mac addresses and the ethertype ? If you are using a fixed ethertype, then the ieee1905 dissector (packet-ieee1905.c) does this: void proto_reg_handoff_ieee1905(void) { static dissector_handle_t ieee1905_handle; ieee1905_handle = create_dissector_handle(dissect_ieee1905, proto_ieee1905); dissector_add_uint("ethertype", ETHERTYPE_IEEE_1905, ieee1905_handle); eapol_handle = find_dissector("eapol"); } You can ignore the eapol_handle stuff unless you also plan to use EAPOL (ieee801.X) in your protocol. -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操)(传说杜康是酒的发明者) ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Ethernet dissector Antonello Tartamo (May 23)
- Re: Ethernet dissector John Thacker (May 23)
- Re: Ethernet dissector Richard Sharpe (May 23)
- Re: Ethernet dissector Antonello Tartamo (May 23)
- Re: Ethernet dissector John Thacker (May 23)
- Re: Ethernet dissector John Thacker (May 23)
- Re: Ethernet dissector Antonello Tartamo (May 23)
- Re: Ethernet dissector John Thacker (May 23)
- Re: Ethernet dissector Antonello Tartamo (May 23)
- Re: Ethernet dissector Guy Harris (May 23)