Re: Ethernet dissector

[Antonello Tartamo <antonellotartamo () gmail com>]

The problem is that I don't have a predefined ether type as the ether type
field is used as length field.
Is there any other way to reuse the ethernet dissector ?
Thanks in advance


Il giorno dom 23 mag 2021 alle ore 16:12 Richard Sharpe <
realrichardsharpe () gmail com> ha scritto:

> On Sun, May 23, 2021 at 5:06 AM Antonello Tartamo
> <antonellotartamo () gmail com> wrote:
> > Hello everyone,
> > I'm trying to create an ethernet dissector for a custom protocol working
> on L2.
> > In proto_reg_handoff_myproto() function I've called:
> > heur_dissector_add("eth", dissect_myproto, "MyProtocol", "mp", proto_mp,
> HEURISTIC_ENABLE);
> > eth_handle = find_dissector("eth_withoutfcs");
> >
> > then in the dissect_myproto function when I call:
> > tvbuff_t* next_tvb = tvb_new_subset_remaining(tvb, 0);
> > int new_off = call_dissector(eth_handle, tvb, pinfo, tree);
> > return new_off;
> >
> > I get the following two errors on the terminal:
> > ** (wireshark:11483): WARNING **: 07:31:59.826: Dissector bug, protocol
> Ethernet, in packet 12: /home/osboxes/Devel/wireshark/epan/packet.c:2794:
> failed assertion "saved_layers_len < 500"
> > ** (wireshark:11483): WARNING **: 07:31:59.826: Dissector bug, protocol
> Ethernet, in packet 12: /home/osboxes/Devel/wireshark/epan/packet.c:775:
> failed assertion "saved_layers_len < 500"
> > I'm running the development wireshark with ./run/wireshark.
> >
> > I think the error is due to the fact the both the heuristic dissector
> and the "find_dissector" are ethernet based.
> > Is there another way to reuse the ethernet dissector and avoid manually
> adding to the tree the src/dst mac addresses and the ethertype ?
>
> If you are using a fixed ethertype, then the ieee1905 dissector
> (packet-ieee1905.c) does this:
>
> void
> proto_reg_handoff_ieee1905(void)
> {
>     static dissector_handle_t ieee1905_handle;
>
>     ieee1905_handle = create_dissector_handle(dissect_ieee1905,
>                 proto_ieee1905);
>
>     dissector_add_uint("ethertype", ETHERTYPE_IEEE_1905, ieee1905_handle);
>
>     eapol_handle = find_dissector("eapol");
> }
>
> You can ignore the eapol_handle stuff unless you also plan to use
> EAPOL (ieee801.X) in your protocol.
>
> --
> Regards,
> Richard Sharpe
> (何以解憂？唯有杜康。--曹操)(传说杜康是酒的发明者)
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe