Wireshark-dev: Re: [Wireshark-dev] Decode As... support

From: Chris Maynard <Chris.Maynard@xxxxxxxxx>
Date: Thu, 29 Dec 2011 17:06:57 +0000 (UTC)
Akos Vandra <axos88@...> writes:

> I would like to ask how does the Decode As... functionality work in wireshark?
> I have a CAN network, and on top of it there may be different
> higher-level protocols, depending on application.
> There is no identifier which would say that this belongs to protocol
> A, or protocol B.
> 
> I think the best solution would be for the user to say that this
> network has proto A or proto B on top of CAN, and then it would pass
> the whole traffic to dissector B.
> I guess this would be the purpose of the Decode As... option, but how
> can I use it from within the CAN dissector code?
> 

I think one way would be for the CAN dissector to be modified so it registers a
dissector table that proto A, proto B, ... can then add their handle to.  For
example (warning - untested pseudocode):

packet-socketcan.c:
void proto_register_socketcan(void) {
    ...
    /* Register a table that higher-level protocols can add their handles to */
    can_dissector_table = register_dissector_table("can_somename",
        "CAN some_ui_name", FT_SOMETYPE, BASE_SOMEBASE);
    ...
}

protoA.c:
void proto_reg_handoff_protoA(void) {
    ...
    protoA_can_handle = create_dissector_handle(dissect_protoA, proto_protoA);
    /* Add the handle without a fixed value, so it is offered under Decode As... */
    dissector_add_handle("can_somename", protoA_can_handle);
    ...
}

Look in the Wireshark sources at other dissectors for more/better examples.
- Chris