Re: Getting captured interface name inside plugin

[Jan Mall <jan.mall () uni-ulm de>]

On 07.06.21 02:41, Richard Sharpe wrote:
> On Sun, Jun 6, 2021 at 5:42 PM Jan Mall <jan.mall () uni-ulm de> wrote:
> > The ultimate goal is an automotive dissector, which takes abstract
> > network descriptions for automotive buses and dissects the messages on
> > the bus accordingly. But as every bus has a different set of message
> > definitions, I somehow need to find out on which bus (physical
> > interface) I receive the traffic in order to perform dissection
> > according to the message definitions for this bus. Of course the user
> > could just change the network description in the plugins preferences
> > every time he switches the interfaces, but I thought maybe there's a
> > smoother solution.
> Are the messages partitioned such that they are different on each
> interface, or is it the case that Message 1 can appear on interface
> types A and B but with different formats?
The messages (e.g. CAN messages) are different for each interface, but 
are not unique across interfaces. So e.g. one message with ID xyz can 
occur on both interfaces, but has a different meaning/datatype on each 
interface.


On 07.06.21 02:57, Guy Harris wrote:
> On Jun 6, 2021, at 5:41 PM, Jan Mall <jan.mall () uni-ulm de> wrote:
>
> > The ultimate goal is an automotive dissector, which takes abstract network descriptions for automotive buses and 
> > dissects the messages on the bus accordingly. But as every bus has a different set of message definitions,
> So is there a single LINKTYPE_ value for all those buses, or do they all have different LINKTYPE_ values?
>
> If so, what are the LINKTYPE_ values?
On 07.06.21 11:49, Roland Knall wrote:
> Also are you running the same protocol on all the different buses, or 
> has each bus its own distinctive protocol?
>
> cheers
> Roland
Answering both your questions:

The LINKTYPE for all interfaces is LINKTYPE_CAN_SOCKETCAN - so on all 
interfaces the protocol (CAN via SocketCAN) is the same. So I can't make 
any distinction right there.

-------------------------------------------------------

After continuing searching I found this snippet in the UI part:
"epan_get_interface_name(pinfo->epan, 
pinfo->rec->rec_header.packet_header.interface_id);"

As it's marked as public API function (wondering why I did not found it 
earlier), I tested it inside my dissector function and it returns the 
expected interface name. So looks like I'm now able to make a 
distinction based on the interface inside my dissector.
Still wondering if there is maybe a callback/event I could register to 
get notified as soon as the user starts capturing on a specific 
interface (including the interface name)?

Thanks to you guys, for helping me out so far - highly appreciated.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe