Wireshark mailing list archives

Re: How to get calling dissector


From: Uli Heilmeier <zeugs () heilmeier eu>
Date: Tue, 30 Jan 2018 19:34:12 +0100

Thanks for your idea. It's exactly the way Michael did it with his improvement for my patch:
https://code.wireshark.org/review/#/c/25509/

On 29.01.18 at 21:01, Shai Shapira wrote:
I believe there's another possible approach here:
Register the dissector once with proto_register_protocol (as usual), whose assumed caller is TCP,
register another dissection function (for SMP) using create_dissector_handle_with_name called something like "smp.tds",
then look for this name when retrieving the dissector handle in the TDS dissector

This means you should have 2 'entry point' functions to your dissector (usually there's only one dissect_PROTO).
This way by writing different dissection/payload handling code in those two functions you can react differently to
different calling protocols (tcp calls will trigger the first function, TDS will trigger the second etc)


2018-01-29 21:26 GMT+02:00 Uli Heilmeier <zeugs () heilmeier eu>:

    Thanks a lot Roland.

    Now that I know what to look for packet-sip.c gives a nice example.

    Cheers
    Uli

    On 29.01.18 at 18:03, Roland Knall wrote:
    > Short answer: packet_info->layers should get you the list of protocols called before yours. If you iterate, you should
    > see the other protocols before yours. In packet.c:754 you see the code adding to the list.
    >
    > Not sure though, how stable that interface is. It is pretty in-depth for span, so you should be safe to use it, but not
    > sure, if it is official, or if there is another way.
    >
    > cheers
    > Roland
    >
    > On Sun, Jan 28, 2018 at 10:59 PM, Uli Heilmeier <uh () heilmeier eu> wrote:
    >
    >     Hi all,
    >
    >     TL,DR:
    >     How does a dissector know which dissector called it?
    >
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev