Wireshark-dev: Re: [Wireshark-dev] What is the data parameter of call_dissector_with_data?

Date: Fri, 30 Jan 2015 19:35:09 -0500
It's the preferred way to exchange data between dissectors because you're a lot more sure of its scope than some of the other methods.  For most cases, you're just passing the data between a dissector and its subdissector (rarely does it go farther than that).
 
If TCP is passing its data to SSL and you have another dissector that needs to pass data to SSL, I recommend creating another dissector entry point for SSL for the STARTTLS-like dissector to call (and register it for the STARTTLS-like protocol to find).  The "current" dissector entry point and "new" dissector entry point can have a "common" function that they both call, taking into account the data passed to it.  If SSL is just ignoring the TCP data (most dissectors do), the common function would take a NULL parameter in that case.
 
I know there are current dissectors that use this functionality, I just can't think of any off the top of my head.
 
 
-----Original Message-----
From: Peter Wu <peter@xxxxxxxxxxxxx>
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Sent: Fri, Jan 30, 2015 6:09 pm
Subject: [Wireshark-dev] What is the data parameter of call_dissector_with_data?

Hi,

To fix a bug, I need to pass the protocol type from a STARTTLS-like
protocol to the SSL dissector. I was about to use the "unused" data
field of dissect_ssl for this, but it turns out that the TCP dissector
fills in this field. That makes it entirely useless for other purposes
(such as passing parameters via call_dissector_with_data).

It seems that my best alternative is p_add_proto_data (documented in
README.dissector, section 2.5 Per-packet information).

What is actually the purpose of the "data" parameter? It is not
documented well AFAIK, the packet-PROTOABBREV.c does not mention it at
all for example besides marking it as unused.
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl/
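
The two-entry-point layout suggested in the reply above, as an added example that is not part of the original thread or of Wireshark's source. The epan types are minimal stand-ins so the file compiles on its own, and `dissect_ssl_common`, `dissect_ssl_starttls`, `struct starttls_info` and the `app_proto` field are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Minimal stand-ins for epan types (assumption: not the real definitions). */
typedef struct { const unsigned char *bytes; int len; } tvbuff_t;
typedef struct { const char *app_proto; } packet_info;  /* hypothetical result slot */
typedef struct proto_node proto_tree;

struct tcpinfo { unsigned seq, nxtseq; };         /* what the TCP caller passes as data */
struct starttls_info { const char *app_proto; };  /* hypothetical: what the STARTTLS-like caller passes */

/* Common worker: receives a typed argument, never the caller-dependent void*. */
static int dissect_ssl_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
                              const char *app_proto)
{
    (void)tree;
    pinfo->app_proto = app_proto ? app_proto : "unknown";
    return tvb->len;  /* bytes consumed */
}

/* "Current" entry point, reached from TCP. Here data is a struct tcpinfo*,
 * which SSL ignores, so the common function gets NULL. */
int dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    (void)data;
    return dissect_ssl_common(tvb, pinfo, tree, NULL);
}

/* "New" entry point, registered separately; only here is data a starttls_info*. */
int dissect_ssl_starttls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    const struct starttls_info *info = data;
    return dissect_ssl_common(tvb, pinfo, tree, info ? info->app_proto : NULL);
}

int main(void)
{
    tvbuff_t tvb = { (const unsigned char *)"\x16\x03\x01", 3 };  /* constructed sample bytes */
    packet_info pinfo = { NULL };
    struct tcpinfo tcp = { 1, 4 };
    struct starttls_info st = { "smtp" };
    dissect_ssl(&tvb, &pinfo, NULL, &tcp);          printf("via TCP: %s\n", pinfo.app_proto);
    dissect_ssl_starttls(&tvb, &pinfo, NULL, &st);  printf("via STARTTLS: %s\n", pinfo.app_proto);
    return 0;
}
```

Because each entry point has exactly one kind of caller, the `void *data` is only ever cast to the type that caller actually supplied.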