Wireshark-dev: Re: [Wireshark-dev] Decode As... support

From: Akos Vandra <axos88@xxxxxxxxx>
Date: Thu, 29 Dec 2011 21:16:42 +0200
Yeah, I did that, I added a heuristic dissector table, and added
protoA and protoB to them.
Now wireshark always uses protoA to dissect (it should, because protoA
has no way to know that the packet is not for him [[it?]], because the
whole message space is covered by it). I also added protoB, and if I
disable protoA, it processes the packets with protoB dissector,
however it would be nicer if I could choose decode as... protoB.

My code here:

packet-socketcan.c:

register_heur_dissector_list("can", &heur_subdissector_list);

packet-cannp.c
heur_dissector_add("can", dissect_cannp, proto_cannp);

packet-cannection.c
heur_dissector_add("can", dissect_cannection, proto_cannection);

Regards,
  Ákos
On 29 December 2011 19:06, Chris Maynard <Chris.Maynard@xxxxxxxxx> wrote:
> Akos Vandra <axos88@...> writes:
>
>> I would like to ask how does the Decode As... functionality work in wireshark?
>> I have a CAN network, and on top of it there may be different
>> higher-level protocols, depending on application.
>> There is no identifier which would say that this belongs to protocol
>> A, or protocol B.
>>
>> I think the best solution would be for the user to say that this
>> network has proto A or proto B on top of CAN, and then it would pass
>> the whole traffic to dissector B.
>> I guess this would be the purpose of the Decode As... option, but how
>> can I use it from within the CAN dissector code?
>>
>
> Akos Vandra <axos88@...> writes:
>
>> I guess this would be the purpose of the Decode As... option, but how
>> can I use it from within the CAN dissector code?
>
> I think one way would be for the CAN dissector to be modified so it registers a
> dissector table that proto A, proto B, ... can then add their handle to.  For
> example (warning - untested pseudocode):
>
> packet-socketcan.c:
> proto_register_socketcan() {
>    ...
>    can_dissector_table = register_dissector_table("can_somename", "CAN some_ui_name", FT_SOMETYPE, BASE_SOMEBASE);
>    ...
> }
>
> protoA.c:
> proto_reg_handoff_protoA() {
>    ...
>    protoA_can_handle = create_dissector_handle(dissect_protoA, proto_protoA);
>    dissector_add_handle("can_somename", protoA_can_handle);
>    ...
> }
>
> Look in the Wireshark sources at other dissectors for more/better examples.
> - Chris
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
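As an added example (not code from this thread or from the Wireshark project), here is the approach Chris describes written as a Wireshark Lua plugin for the upper-layer protocol: instead of a heuristic that claims every frame, protoB hands its dissector to the CAN dissector's keyed table, so it is offered in Decode As... for a CAN ID without taking traffic by default. The table name "can.subdissector" (keyed by CAN ID) is an assumption about the C socketcan dissector; the protocol name protob_demo, its two-byte field layout and the CAN ID 0x123 are constructed for the example.

```lua
-- Added example; "can.subdissector" is assumed to be the table the C socketcan
-- dissector registers (check View > Internals > Dissector Tables in your build).
local protob = Proto("protob_demo", "Demo upper-layer protocol B on CAN")

local f_cmd = ProtoField.uint8("protob_demo.cmd", "Command", base.HEX)
local f_len = ProtoField.uint8("protob_demo.len", "Payload length", base.DEC)
protob.fields = { f_cmd, f_len }

function protob.dissector(tvb, pinfo, tree)
  -- Constructed frame layout: 1 command byte, 1 length byte, then payload.
  -- Reject frames that cannot hold the header so that a wrong Decode As
  -- choice surfaces as "not dissected" instead of being silently misparsed.
  if tvb:len() < 2 then
    return 0
  end

  pinfo.cols.protocol = "PROTOB"
  local subtree = tree:add(protob, tvb(0))
  subtree:add(f_cmd, tvb(0, 1))
  subtree:add(f_len, tvb(1, 1))

  -- Flag a declared payload length that exceeds what the CAN frame carries.
  local declared = tvb(1, 1):uint()
  if declared > tvb:len() - 2 then
    subtree:add_expert_info(PI_MALFORMED, PI_ERROR,
      "declared length exceeds CAN payload")
  end
  return tvb:len()
end

-- Register with the CAN dissector's keyed table. add_for_decode_as lists
-- PROTOB in the Decode As... dialog for the CAN ID column; nothing is
-- dissected as PROTOB until the user picks it for a given ID.
local can_table = DissectorTable.get("can.subdissector")
can_table:add_for_decode_as(protob)

-- Optional fixed binding (constructed CAN ID): frames with ID 0x123 are
-- always handed to PROTOB, no user action needed.
-- can_table:add(0x123, protob)
```

Drop the file into the personal plugins directory (Help > About Wireshark > Folders) and reload Lua plugins; the protocol then appears under Analyze > Decode As... when a CAN frame is selected.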