-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Risto Paasila
Sent: den 18 april 2011 03:21
To: Developer support list for Wireshark
Subject: [Wireshark-dev] question about tcap sub-dissector
Hi,
My question is at the end, and hopefully all relevant detail is in between...
I need to make a dissector which calls the tcap dissector which should them call a sub-dissector.
The protocol stack would be something like:
Frame 26: 108 bytes on wire (864 bits), 108 bytes captured (864 bits) Ethernet II, Src: Oracle_b3:04:f5 (00:03:ba:b3:04:f5), Dst:
All-HSRP-routers_0a (00:00:0c:07:ac:0a)
Internet Protocol, Src: 10.97.0.228 (10.97.0.228), Dst: 10.115.232.36
(10.115.232.36)
Transmission Control Protocol, Src Port: ccu-comm-1 (4053), Dst Port:
64551 (64551), Seq: 1, Ack: 1, Len: 54
My-simple-protocol
Transaction Capabilities Application Part My-sub-dissector-protocol
My requirement is to be able to provide the My-simple-protocol and My-sub-dissector-protocol, as a plugin (or two plugins).
I have managed already to create My-simple-protocol, which successfully calls the tcap dissector.
For calling My-sub-dissector-protocol from tcap, I found two possibly useful methods:
extern void add_itu_tcap_subdissector(guint32 ssn, dissector_handle_t dissector)
dissector_handle_t get_itu_tcap_subdissector(guint32 ssn)
I tried them in the code of My-simple-protocol plugin, but the compiler doesn't like them:
packet-my-simple-protocol.c
plugin.c
packet-my-simple-protocol.c(113) : error C2220: warning treated as error - no 'object' file generated
packet-my-simple-protocol.c(113) : warning C4013:
'get_itu_tcap_subdissector' undefined; assuming extern returning int
packet-my-simple-protocol.c(113) : warning C4047: '=' :
'dissector_handle_t' differs in levels of indirection from 'int'
packet-my-simple-protocol.c(114) : warning C4013:
'add_itu_tcap_subdissector' undefined; assuming extern returning int
I found something in the mailing lists that was similar:
http://www.wireshark.org/lists/wireshark-dev/200706/msg00042.html
but it is rather old, I suppose creating a sub-dissector should work now without copying the whole tcap dissector into the plugin.
In the tcap data captured, there is no ssn specified either.
How can I make use of these methods to handoff to tcap, and then that tcap does a handoff back to My-sub-dissector-protocol?
Kind Regards
Risto
To call tcap from your dissector you should create a new tvb with the remaining data after your first sub dissector is done then call tcap trough a "handle". ( call_dissector(tcap_handle, tvb, pinfo, tree);)
In proto_reg_handoff get the tcap handle
tcap_handle = find_dissector("tcap");
In the TCAP data there should be something like
application-context-name: 0.4.0.0.1.0.2.2 (locationCancellationContext-v2)
I presume. If that's the case you can register an "oid dissector" for the rest of the data like in gsm_map
register_ber_oid_dissector_handle("0.4.0.0.1.0.2.2", map_handle, proto_gsm_map,"locationCancellationContext-v2" );
Regards
Anders
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
