Wireshark-dev: Re: [Wireshark-dev] Calling other dissectors and returning

From: Peter Johansson <Peter.xc.Johansson@xxxxxxxxxxxx>
Date: Thu, 03 May 2007 17:01:54 +0200
Joerg Mayer wrote:
On Thu, May 03, 2007 at 10:07:22AM -0400, Kevin A. Noll wrote:
I am trying to finish writing additional decode details for the WLCCP
dissector. In places, though, the WLCCP protocol carries other protocol data
that I'd like to decode, but not re-write the code.

Nice. Can you send in what you already have?

I know I can call other dissectors, but it's not apparent to me (an amateur)
how or if they return to the original dissector, which is what I would need
to do. For example, WLCCP can embed EAPOL messages as follows:


1. Generic WLCCP Headers
2. WLCCP Message-Type Specific Headers
2a. Embedded EAPOL
3. More WLCCP Message-Type Specific Data
4. Possibly some variable TLV information


I need to be able to call the external EAPOL dissector and return to the
WLCCP dissector to finish dissecting the WLCCP headers and TLVs.

I would be much obliged if someone could give me a pointer on how to do this
and/or to a dissector that does something similar.

Have a look at packet-radius.c and how EAP support is handled there.
In short:

proto_reg_handoff_radius(void)
	...
        eap_handle = find_dissector("eap");

And further up:
	call_dissector(eap_handle, eap_tvb, pinfo, eap_tree);

Ciao
   Joerg

Or why not add heuristic sub-dissector possibilities using something like this in your code (also rather short):

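/* Assign in proto_reg_handoff_<my dissector>: data_handle = find_dissector("data");
   (a function call is not a valid initializer for a static variable in C) */
static dissector_handle_t data_handle;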
static heur_dissector_list_t my_heur_subdissector_list;

---8<--- snip ---8<---

if(try_heuristic)
{
  if(!dissector_try_heuristic(my_heur_subdissector_list, payload_tvb, pinfo, sub_tree))
  {
    /* Heuristic dissection failed, dissect it as data. */
    call_dissector(data_handle, payload_tvb, pinfo, sub_tree);
  }
}
else
{
  /* Oh, well, we don't know this; dissect it as data. */
  call_dissector(data_handle, payload_tvb, pinfo, sub_tree);
}

where you in proto_register_<my dissector> should have done:
 /* Sub-dissector hook code */
register_heur_dissector_list("<my proto name>", &my_heur_subdissector_list);

This would allow for any other dissector to register itself to heuristically decode the data part of your protocol by doing:

another_module = prefs_register_protocol(proto_another, proto_reg_handoff_another);
heur_dissector_add("<your proto name>", <heuristic dissection routine>, proto_another);

Regards, Peter
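
The control flow asked about in this thread, as an added stand-alone example (not code from the thread or from the Wireshark source): the outer dissector hands the sub-dissector a length-bounded slice, the call returns like any function call, and the outer dissector resumes at the offset just past the slice. view_t, view_subset, dissect_eapol, dissect_outer and the outer packet layout are hypothetical stand-ins; a real dissector would pass a tvbuff subset to call_dissector().

```c
#include <stddef.h>
#include <stdint.h>

/* Bounded view of packet bytes; a stand-in for Wireshark's tvbuff. */
typedef struct { const uint8_t *data; size_t len; } view_t;

/* Make *out the sub-view [off, off+len) of v; 0 if it would overrun v. */
static int view_subset(view_t v, size_t off, size_t len, view_t *out) {
    if (off > v.len || len > v.len - off) return 0;
    out->data = v.data + off; out->len = len;
    return 1;
}

/* Stand-in sub-dissector. EAPOL: version(1) type(1) body length(2, big-endian)
 * body. Sees only its slice; returns bytes consumed, 0 if malformed. */
static size_t dissect_eapol(view_t v) {
    if (v.len < 4) return 0;
    size_t body = ((size_t)v.data[2] << 8) | v.data[3];
    return body <= v.len - 4 ? 4 + body : 0;
}

/* Outer dissector over a constructed layout (not real WLCCP): [type][header
 * length] header bytes | EAPOL | TLVs of type(1) len(1) value. Returns the
 * number of TLVs found after the embedded EAPOL, -1 if malformed. */
int dissect_outer(const uint8_t *pkt, size_t len) {
    view_t whole = { pkt, len }, eapol;
    if (len < 2 || pkt[1] < 2) return -1;
    size_t off = pkt[1];                    /* steps 1-2: outer headers */
    if (off > len || len - off < 4) return -1;
    /* Step 2a: size the slice from the EAPOL length field, pass only that
     * slice down, and resume here when the call returns. */
    size_t elen = 4 + (((size_t)pkt[off + 2] << 8) | pkt[off + 3]);
    if (!view_subset(whole, off, elen, &eapol)) return -1;
    if (dissect_eapol(eapol) != elen) return -1;
    off += elen;
    int tlvs = 0;                           /* steps 3-4: trailing TLVs */
    while (off < len) {
        if (len - off < 2 || (size_t)pkt[off + 1] > len - off - 2) return -1;
        off += 2 + (size_t)pkt[off + 1];
        tlvs++;
    }
    return tlvs;
}

/* Constructed sample: 4-byte outer header, 6-byte EAPOL, two TLVs. */
static const uint8_t sample[] = { 0x01, 0x04, 0xAA, 0xBB,  0x01, 0x00, 0x00, 0x02,
    0xDE, 0xAD,  0x10, 0x01, 0x7F,  0x11, 0x00 };

int main(void) { return dissect_outer(sample, sizeof sample) == 2 ? 0 : 1; }
```

Because the slice is sized before the call, a length field that claims more bytes than the packet holds is rejected in the outer dissector and the sub-dissector never reads into the trailing TLVs.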