Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Generic call_dissector()

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>
Date: Wed, 30 Jul 2008 09:41:39 -0400
You may be able to get away with calling the lowest common denominator dissector and letting it naturally take care of handing off dissection to the next protocol, whatever it is.  If there is no common denominator, one possible way to do it would be to have all possible protocol dissectors that could appear in your payload register themselves as heuristic dissectors to your dissector, then you would only need to make a single call to dissector_try_heuristic().  But that would require changes to a lot of core protocols, potentially, namely ip, ppp, etc., so I'm not so sure that it's the best solution overall.  I don't know, perhaps the best solution is simply for you to determine the protocol yourself and hand off to the appropriate dissector.  Maybe someone else has some thoughts on this or ideas on how else it could be done.

- Chris

> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-
> bounces@xxxxxxxxxxxxx] On Behalf Of Hans Glück
> Sent: Wednesday, July 30, 2008 4:41 AM
> To: wireshark-dev@xxxxxxxxxxxxx
> Subject: [Wireshark-dev] Generic call_dissector()
> 
> Hello,
> 
> I am writing a dissector and in the
> payload of my packets are different types of data/information (PPP,
> TCP,...) and maybe some more I don´t know. I wonder if I can call WS to
> dissect this payload without defining a special handle?
> => call_dissector(...) - therefor I have to define a ppp or ip handle
> 
> Is there a possibility to make a generic
> dissector call? Or can the user define the payload by clicking on a
> packet and "Export as ... IP"?
> 
> 
> Regards,
> Chris
> 
> 
>       __________________________________________________________
> Gesendet von Yahoo! Mail.
> Dem pfiffigeren Posteingang.
> http://de.overview.mail.yahoo.com
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-dev
"CONFIDENTIALITY NOTICE: The contents of this email are confidential and for the exclusive use of the intended recipient. If you receive this email in error, please delete it from your system immediately and notify us either by email, telephone or fax. You should not copy, forward, or otherwise disclose the content of the email."
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube