Wireshark mailing list archives

Re: Ethernet dissector


From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Sun, 23 May 2021 07:07:20 -0700

On Sun, May 23, 2021 at 5:06 AM Antonello Tartamo
<antonellotartamo () gmail com> wrote:

Hello everyone,
I'm trying to create an ethernet dissector for a custom protocol working on L2.

In proto_reg_handoff_myproto() function I've called:
heur_dissector_add("eth", dissect_myproto, "MyProtocol", "mp", proto_mp, HEURISTIC_ENABLE);
eth_handle = find_dissector("eth_withoutfcs");

then in the dissect_myproto function when I call:
tvbuff_t* next_tvb = tvb_new_subset_remaining(tvb, 0);
int new_off = call_dissector(eth_handle, tvb, pinfo, tree);
return new_off;

I get the following two errors on the terminal:
** (wireshark:11483): WARNING **: 07:31:59.826: Dissector bug, protocol Ethernet, in packet 12: 
/home/osboxes/Devel/wireshark/epan/packet.c:2794: failed assertion "saved_layers_len < 500"

** (wireshark:11483): WARNING **: 07:31:59.826: Dissector bug, protocol Ethernet, in packet 12: 
/home/osboxes/Devel/wireshark/epan/packet.c:775: failed assertion "saved_layers_len < 500"

I'm running the development wireshark with ./run/wireshark.

I think the error is due to the fact that both the heuristic dissector and the "find_dissector" are ethernet based.
Is there another way to reuse the ethernet dissector and avoid manually adding to the tree the src/dst mac addresses 
and the ethertype ?

If you are using a fixed ethertype, then the ieee1905 dissector
(packet-ieee1905.c) does this:

void
proto_reg_handoff_ieee1905(void)
{
    static dissector_handle_t ieee1905_handle;

    ieee1905_handle = create_dissector_handle(dissect_ieee1905,
                proto_ieee1905);

    dissector_add_uint("ethertype", ETHERTYPE_IEEE_1905, ieee1905_handle);

    eapol_handle = find_dissector("eapol");
}

You can ignore the eapol_handle stuff unless you also plan to use
EAPOL (ieee801.X) in your protocol.

-- 
Regards,
Richard Sharpe
(How can sorrow be dispelled? Only with Du Kang. --Cao Cao)(Legend has it that Du Kang was the inventor of wine)
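Added example, not part of the original message and not Wireshark code: a self-contained C model of the two registrations discussed in this thread, showing why a heuristic on "eth" that calls the Ethernet dissector again runs into the 500-layer assertion, while ethertype dispatch stops after two layers. The pinfo_t struct, the function names and the 0x88B5 ethertype (an IEEE local experimental value) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_LAYERS 500            /* cap named in the failed assertion */
#define ETHERTYPE_MYPROTO 0x88B5  /* assumption: IEEE local experimental ethertype */

typedef struct { int layers; int aborted; unsigned first; } pinfo_t;
typedef int (*dissector_t)(const uint8_t *buf, size_t len, pinfo_t *pi);
static dissector_t heur_eth;      /* stands in for heur_dissector_add("eth", ...) */
static dissector_t by_ethertype;  /* stands in for dissector_add_uint("ethertype", ...) */

static int dissect_eth(const uint8_t *buf, size_t len, pinfo_t *pi)
{
    if (pi->layers >= MAX_LAYERS) { pi->aborted = 1; return 0; }
    pi->layers++;
    if (len < 14) return 0;
    /* Heuristics are offered the whole frame before ethertype dispatch. */
    if (heur_eth && heur_eth(buf, len, pi)) return (int)len;
    uint16_t type = (uint16_t)((buf[12] << 8) | buf[13]);
    if (by_ethertype && type == ETHERTYPE_MYPROTO)
        return 14 + by_ethertype(buf + 14, len - 14, pi);
    return 14;
}

/* Pattern from the question: the heuristic hands the same bytes back to eth. */
static int heur_myproto(const uint8_t *b, size_t n, pinfo_t *pi) { return dissect_eth(b, n, pi); }

/* Pattern from the reply: eth consumes its header, then passes on only the payload. */
static int dissect_myproto(const uint8_t *buf, size_t len, pinfo_t *pi)
{
    pi->layers++;
    pi->first = len ? buf[0] : 0;   /* first byte this dissector actually sees */
    return (int)len;
}

static pinfo_t run(dissector_t heur, dissector_t by_type)
{
    /* constructed sample frame: dst MAC, src MAC, ethertype, 4 payload bytes */
    static const uint8_t frame[] = { 2,0,0,0,0,1, 2,0,0,0,0,2, 0x88,0xB5, 0xde,0xad,0xbe,0xef };
    pinfo_t pi = {0, 0, 0};
    heur_eth = heur; by_ethertype = by_type;
    dissect_eth(frame, sizeof frame, &pi);
    return pi;
}

int main(void)
{
    pinfo_t bad = run(heur_myproto, NULL), ok = run(NULL, dissect_myproto);
    printf("re-entry: layers=%d aborted=%d | ethertype: layers=%d first=0x%02x\n",
           bad.layers, bad.aborted, ok.layers, ok.first);
    return 0;
}
```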
