
Wireshark-dev: Re: [Wireshark-dev] Passing further information between dissections

From: Anders Broman <a.broman@xxxxxxxxx>
Date: Mon, 26 Jul 2010 10:37:22 +0200
Tarjei Knapstad wrote 2010-07-26 10:07:
On 23 July 2010 13:49, Alan Bowman <alan.michael.bowman@xxxxxxxxx> wrote:
I have written two dissectors for some protocols I am using, one of
which is wrapped inside the other.  Protocol B is used if a particular
byte (A6, below) in protocol A is a particular value.  I have
registered A using register_dissector_table().  I can create a subset
tvb and use dissector_try_port() to get protocol B dissector to be
called and to have the data (B0..BN) passed to it.  However, B's
dissection also depends on knowing whether A was sent as a broadcast
packet or as a direct response to a request, which is stored in A's
header (A2).  (Not my design!).  Can anyone suggest how I should pass
this information to B?  Should I tack it onto the start of the tvb as
a composite buffer, or is there some way of attaching metadata to it?
Is there a similar protocol I should look at?

A0 A1 A2 A3 A4 A5 A6 B0 B1 B2 ... BN

Thanks in advance

Alan,

I think this is usually achieved by passing the data along in the
packet_info->private_data field. In your case I guess it would suffice
to just pass along a boolean. Hopefully someone will correct me if I'm
wrong here, but I think the standard procedure is along these lines:

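   /* Save the caller's private_data so it can be restored afterwards. */
   void* saved_private_data = pinfo->private_data;
   gboolean isBroadcastPacket = check_if_broadcast_packet(/*...*/);
   pinfo->private_data = &isBroadcastPacket;
   dissector_try_port(/*...*/);
   /* Restore before isBroadcastPacket goes out of scope. */
   pinfo->private_data = saved_private_data;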

Regards,
Tarjei
A different solution would be to register two dissector handles for B, one for the broadcast version and one for the
response version, and let A call B through the appropriate dissector handle.
Regards
Anders
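
The save/set/restore pattern from Tarjei's reply, written out as an added example that is not code from this thread or from Wireshark. It assumes minimal stand-ins for the real types (packet_info, buf_t in place of a tvbuff), hypothetical dissect_a/dissect_b functions, and constructed values for the A2 and A6 bytes; it also shows the length and NULL checks a dissector needs on untrusted input.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-ins (assumptions), not Wireshark's epan types. */
typedef struct { void *private_data; } packet_info;
typedef struct { const uint8_t *data; size_t len; } buf_t;

enum { B_ERR = -1, B_RESPONSE = 0, B_BROADCAST = 1 };

#define A_HDR_LEN   7     /* A0..A6 */
#define A_FLAG_OFF  2     /* A2: broadcast or direct response */
#define A_TYPE_OFF  6     /* A6: selects protocol B */
#define A_TYPE_B    0x42  /* constructed value */
#define A_BROADCAST 0x01  /* constructed value */

/* Protocol B: needs A's flag. If another parent calls it without setting
 * private_data, fail cleanly instead of dereferencing NULL. */
static int dissect_b(const buf_t *tvb, packet_info *pinfo)
{
    const int *is_broadcast = pinfo->private_data;
    if (is_broadcast == NULL || tvb->len == 0)
        return B_ERR;
    return *is_broadcast ? B_BROADCAST : B_RESPONSE;
}

/* Protocol A: validate the header length before touching A2/A6, hand the
 * payload B0..BN to B, and always restore private_data on the way out. */
int dissect_a(const uint8_t *pkt, size_t len, packet_info *pinfo)
{
    if (len < A_HDR_LEN || pkt[A_TYPE_OFF] != A_TYPE_B)
        return B_ERR;

    int is_broadcast = (pkt[A_FLAG_OFF] == A_BROADCAST);
    buf_t sub = { pkt + A_HDR_LEN, len - A_HDR_LEN };

    void *saved = pinfo->private_data;
    pinfo->private_data = &is_broadcast;  /* points at a stack variable */
    int result = dissect_b(&sub, pinfo);
    pinfo->private_data = saved;          /* no dangling pointer after return */
    return result;
}
```

Skipping the restore would leave pinfo->private_data pointing at a dead stack slot, which any later dissector for the same packet could then read.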
