Wireshark mailing list archives

Re: What is the data parameter of call_dissector_with_data?


From: mmann78 () netscape net
Date: Fri, 30 Jan 2015 19:35:09 -0500


It's the preferred way to exchange data between dissectors because you're a lot more sure of its scope than some of the 
other methods.  For most cases, you're just passing the data between a dissector and its subdissector (rarely does it 
go farther than that).
 
If TCP is passing its data to SSL and you have another dissector that needs to pass data to SSL, I recommend creating 
another dissector entry point for SSL for the STARTTLS-like dissector to call (and register it for the STARTTLS-like 
protocol to find).  The "current" dissector entry point and "new" dissector entry point can have a "common" function 
that they both call, taking into account the data passed it.  If SSL is just ignoring the TCP data (most dissectors 
do), the common function would take a NULL parameter in that case.

I know there are current dissectors that use this functionality, I just can't think of any off the top of my head.
 
 
-----Original Message-----
From: Peter Wu <peter () lekensteyn nl>
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Sent: Fri, Jan 30, 2015 6:09 pm
Subject: [Wireshark-dev] What is the data parameter of call_dissector_with_data?


Hi,

To fix a bug, I need to pass the protocol type from a STARTTLS-like
protocol to the SSL dissector. I was about to use the "unused" data
field of dissect_ssl for this, but it turns out that the TCP dissector
fills in this field. That makes it entirely useless for other purposes
(such as passing parameters via call_dissector_with_data).

It seems that my best alternative is p_add_proto_data (documented in
README.dissector, section 2.5 Per-packet information).

What is actually the purpose of the "data" parameter? It is not
documented well AFAIK, the packet-PROTOABBREV.c does not mention it at
all for example besides marking it as unused.
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl/
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
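
The two-entry-point layout suggested in the reply, as an added example that is not code from this thread or from the Wireshark source. It uses simplified stand-in types instead of the real epan headers and omits dissector registration; `dissect_ssl_starttls`, `dissect_ssl_common`, `struct ssl_caller_data`, `struct tcp_data` and `demo` are hypothetical names. Each entry point knows exactly what its `void *data` points to, so TCP's struct is never reinterpreted as the STARTTLS caller's.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for Wireshark's types (not the real epan headers). */
typedef struct { const unsigned char *bytes; size_t len; } tvbuff_t;
typedef struct { const char *app_proto; } packet_info;
typedef struct proto_tree proto_tree;

struct tcp_data { unsigned seq, ack; };            /* illustrative: what TCP passes down */
struct ssl_caller_data { const char *app_proto; }; /* hypothetical: what STARTTLS passes */

/* Common function: typed parameter, NULL when the caller has nothing to pass. */
static int dissect_ssl_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
                              const struct ssl_caller_data *cd)
{
    (void)tree;
    pinfo->app_proto = cd ? cd->app_proto : "unknown";
    return (int)tvb->len; /* bytes consumed */
}

/* "Current" entry point, reached from TCP: data is TCP's struct, so ignore it. */
static int dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    (void)data;
    return dissect_ssl_common(tvb, pinfo, tree, NULL);
}

/* "New" entry point: only STARTTLS-like callers reach it, so the cast is safe. */
static int dissect_ssl_starttls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    return dissect_ssl_common(tvb, pinfo, tree, (const struct ssl_caller_data *)data);
}

/* Run one constructed 3-byte record through either path; returns the protocol seen. */
const char *demo(int via_starttls)
{
    static const unsigned char rec[] = { 0x16, 0x03, 0x01 }; /* constructed sample */
    tvbuff_t tvb = { rec, sizeof rec };
    packet_info pinfo = { NULL };
    struct tcp_data td = { 1000, 2000 };
    struct ssl_caller_data cd = { "smtp" };
    if (via_starttls) dissect_ssl_starttls(&tvb, &pinfo, NULL, &cd);
    else              dissect_ssl(&tvb, &pinfo, NULL, &td);
    return pinfo.app_proto;
}

int main(void) { printf("tcp: %s, starttls: %s\n", demo(0), demo(1)); return 0; }
```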

 