Wireshark mailing list archives

Re: How to get calling dissector


From: Shai Shapira <noforu () gmail com>
Date: Mon, 29 Jan 2018 22:01:34 +0200

I believe there's another possible approach here:
Register the dissector once with proto_register_protocol (as usual), whose
assumed caller is TCP.
Register another dissection function (for SMP) using
create_dissector_handle_with_name, called something like "smp.tds".
Then look for this name when retrieving the dissector handle in the TDS
dissector.

This means you should have 2 'entry point' functions to your dissector (usually
there's only one dissect_PROTO).
This way, by writing different dissection/payload handling code in those two
functions, you can react differently to different calling protocols (TCP
calls will trigger the first function, TDS will trigger the second, etc.).


2018-01-29 21:26 GMT+02:00 Uli Heilmeier <zeugs () heilmeier eu>:

Thanks a lot Roland.

Now that I know what to look for packet-sip.c gives a nice example.

Cheers
Uli

On 29.01.18 at 18:03, Roland Knall wrote:
Short answer: packet_info->layers should get you the list of protocols
called before yours. If you iterate, you should
see the other protocols before yours. In packet.c:754 you see the code
adding to the list.

Not sure, though, how stable that interface is. It is pretty in-depth for
span, so you should be safe to use it, but not
sure if it is official, or if there is another way.

cheers
Roland

On Sun, Jan 28, 2018 at 10:59 PM, Uli Heilmeier <uh () heilmeier eu> wrote:

    Hi all,

    TL;DR:
    How does a dissector know which dissector called it?

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
