ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] switch between protocols

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Lange Jan-Erik <Jan-Erik.Lange@xxxxxxxxxxxxxx>
Date: Thu, 9 Dec 2010 08:52:38 +0100
I realized the behavior using a heuristic dissector now and it works. In my case it is a low level protocol, that doesn't even base on ethernet. I use wtab_encap for reading.

But the method with the dissector handoff table sounds interesting to me. Unfortunatley I dont have any information about realizing this in my code. In the readme.DELEVOPER I didn't found advanced dissecting techniques like this. There are only simple dissectors described.

Do you know which file an example of such a "dissector handoff table" contains?



________________________________________
Von: wireshark-dev-bounces@xxxxxxxxxxxxx [wireshark-dev-bounces@xxxxxxxxxxxxx] im Auftrag von Guy Harris [guy@xxxxxxxxxxxx]
Gesendet: Mittwoch, 8. Dezember 2010 19:01
An: Developer support list for Wireshark
Betreff: Re: [Wireshark-dev] switch between protocols

On Dec 8, 2010, at 7:39 AM, Christopher Maynard wrote:

> Lange Jan-Erik <Jan-Erik.Lange@...> writes:
>
>> Dependent on the value of a type field I want to dissect a packet with
> protocol A or protocol B.
>>
>> Is this a typical application for the use of a heuristic dissector? Or how can
> I realize the switch between the to protocolls?
>
> A heuristic dissector is basically one that is handed a tvb and it must try to
> guess whether the data contained within the tvb is relevant to that particular
> dissector or not.
>
> In this case, it doesn't sound to me like a heuristic dissector would apply.
> Rather, if you have protocol X that contains a type field, such that when that
> type field is a specific value, 'A' for instance, you always know that the
> payload is protocol A, then you probably just want to directly call the
> dissector for protocol A.

Or you could have the dissector for the protocol containing the type field create a dissector handoff table, have the dissectors for protocols A and B register in that table with the appropriate values for the type field, and have the dissector for the protocol containing the type field use the handoff table in a call to dissector_try_port().


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube