Wireshark-dev: Re: [Wireshark-dev] Calling other dissectors and returning



From: "Kevin A. Noll" <spamknoll@xxxxxxxxxxxxx>
Date: Thu, 03 May 2007 11:02:29 -0400


What I've done so far has been contributed in bugzilla ticket 1522. I added
very high-level information to the decode that was already in the WLCCP
dissector.

I'm just now trying to dig deeper.

I'll give your example a try and see what happens.

Thanks!

--kan--
--
Kevin A. Noll, KD4WOZ
CCIE, CCDP
Versatile, Inc.		
Kevin.Noll@xxxxxxxxxxxxx
+1-717-796-1936

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Joerg Mayer
Sent: Thursday, May 03, 2007 10:40 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Calling other dissectors and returning

On Thu, May 03, 2007 at 10:07:22AM -0400, Kevin A. Noll wrote:
> I am trying to finish writing additional decode details for the WLCCP 
> dissector. In places, though, the WLCCP protocol carries other 
> protocol data that I'd like to decode, but not re-write the code.

Nice. Can you send in what you already have?

> I know I can call other dissectors, but it's not apparent to me (an 
> amateur) how or if they return to the original dissector, which is 
> what I would need to do. For example, WLCCP can embed EAPOL messages as
> follows:
> 
> 
> 1. Generic WLCCP Headers
> 2. WLCCP Message-Type Specific Headers
>    2a. Embedded EAPOL
> 3. More WLCCP Message-Type Specific Data
> 4. Possibly some variable TLV information
> 
> 
> I need to be able to call the external EAPOL dissector and return to 
> the WLCCP dissector to finish dissecting the WLCCP headers and TLVs.
> 
> I would be much obliged if someone could give me a pointer on how to 
> do this and/or to a dissector that does something similar.

Have a look at packet-radius.c and how eap support is handled there.
In short:

proto_reg_handoff_radius(void)
	...
        eap_handle = find_dissector("eap");

And further up: 

	call_dissector(eap_handle, eap_tvb, pinfo, eap_tree);

Ciao
   Joerg
-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
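
Added example, not code from this thread or from Wireshark: a self-contained C model of the pattern described above, where the parent hands the embedded bytes to a child dissector through a length-limited view and carries on with its own fields once the call returns. The names `view_t`, `view_subset`, `dissect_child`, `dissect_parent` and the frame layout are hypothetical; in a real dissector the view would be a tvb subset (for example from `tvb_new_subset`) passed to `call_dissector`.

```c
/* Added model, not Wireshark code: view_t stands in for a tvb, and the frame
 * layout is constructed for illustration (it is not the real WLCCP format). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { const uint8_t *data; size_t len; } view_t;

/* Bounded sub-view: fails unless [off, off+len) lies inside the parent. */
static int view_subset(const view_t *p, size_t off, size_t len, view_t *out) {
    if (off > p->len || len > p->len - off) return 0;
    *out = (view_t){ p->data + off, len };
    return 1;
}

/* Child dissector: ver(1) type(1) body_len(2, big-endian) body. It sees only
 * its own view. Returns bytes consumed, or 0 if its length field overruns. */
static size_t dissect_child(const view_t *v) {
    if (v->len < 4) return 0;
    size_t body = ((size_t)v->data[2] << 8) | v->data[3];
    return body > v->len - 4 ? 0 : 4 + body;
}

/* Parent: hdr(2) emb_len(1) embedded child, then TLVs of type(1) len(1) value.
 * Returns the number of TLVs parsed after the child returned, or -1. */
int dissect_parent(const uint8_t *buf, size_t len) {
    view_t frame = { buf, len }, child;
    size_t off = 2;
    if (len < 3) return -1;
    size_t emb_len = buf[off++];
    if (!view_subset(&frame, off, emb_len, &child)) return -1;
    if (dissect_child(&child) == 0) return -1;
    off += emb_len;   /* resume where the parent's own length field says */
    int tlvs = 0;
    while (off < len) {
        if (len - off < 2 || (size_t)buf[off + 1] > len - off - 2) return -1;
        off += 2 + (size_t)buf[off + 1];
        tlvs++;
    }
    return tlvs;
}

/* Constructed frames: well-formed, and one whose child claims a 255-byte body. */
const uint8_t good_frame[] = { 0xAA,0xBB, 6, 1,0,0,2,0xDE,0xAD, 1,1,0xFF, 2,0 };
const uint8_t bad_frame[]  = { 0xAA,0xBB, 6, 1,0,0,0xFF,0xDE,0xAD, 1,1,0xFF, 2,0 };
int main(void) {
    printf("good=%d bad=%d\n", dissect_parent(good_frame, sizeof good_frame),
           dissect_parent(bad_frame, sizeof bad_frame));
    return 0;
}
```

Because the child only ever receives the bounded view, an oversized length field inside the embedded message cannot make it read into the parent's trailing TLVs.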