
Wireshark-dev: Re: [Wireshark-dev] Add a protocol to the "decode as" option

From: Michael Mann <mmann78@xxxxxxxxxxxx>
Date: Mon, 18 Sep 2017 15:28:07 -0400
Juan Jose,
 
Pascal is correct that you need to set up a dissector table, but you also need to set and register a "decode as structure" (decode_as_t) using register_decode_as.
 
Your "RTPS payload" should fall into one of 2 categories:
 
1. You have a "unique identifier" that determines how to dissect the (next) payload.  For example "Ethernet" has a type, IP has a protocol, TCP/UDP have a port.  In this case you set your dissector table up with the "unique identifier type" (typically numeric, but there are string and GUID examples).  Then you need to be able to save that "unique identifier" during dissection to provide to decode as functionality (as part of decode_as_t structure).  Your plugins will also call dissector_add_<type>() to register their "unique identifier".  dissector_add_<type> calls dissector_add_for_decode_as() internally, so there isn't a need for plugins to call it explicitly.  packet-ip.c is probably a good example to follow.
 
2. There is no unique identifier and payload must be determined by Decode As.  You still need a dissector table and plugins will still need to call dissector_add_for_decode_as(), but "setting up the dissector table for decode as" has been made simpler by register_decode_as_next_proto().  See https://code.wireshark.org/review/22575 for example uses.
 
 
 
-----Original Message-----
From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Sent: Mon, Sep 18, 2017 3:05 pm
Subject: Re: [Wireshark-dev] Add a protocol to the "decode as" option

Hi Juan Jose,

2017-09-18 16:21 GMT+02:00 Juan Jose Martin Carrascosa <juanjo@xxxxxxx>:
> Hi everybody,
>
> I have a set of plugins that work on top of the RTPS protocol. Which is the cleanest and right way to get this set of plugins available when I click in "decode as" in an RTPS packet?

If you create a dissector table for your RTPS payload (presumably that's what would need to be decoded as), then your plugins can register themselves using the dissector_add_for_decode_as() function.

Best regards,
Pascal.
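The two categories described in the reply above, sketched as an added stand-alone C model (not code from the thread or from Wireshark; `model_*`, `table_t` and `handle_t` are hypothetical names and none of this is the epan API). It shows that registering under an identifier also makes a handle a Decode As candidate, that a user choice takes precedence over the identifier lookup, and that a table with no identifier resolves only after a choice is made; the fixed key of 0 for that case is this model's own convention.

```c
/* Simplified stand-alone model; every name is hypothetical, not Wireshark's epan API. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define MAX_ENTRIES 8

typedef struct { const char *name; } handle_t;   /* stands in for a dissector handle */
typedef struct {
    unsigned keys[MAX_ENTRIES];                  /* category 1: registered identifiers */
    const handle_t *by_key[MAX_ENTRIES];
    const handle_t *candidates[MAX_ENTRIES];     /* what the Decode As dialog may offer */
    size_t n_keys, n_candidates;
    const handle_t *override_handle;             /* user's Decode As choice, NULL if none */
    unsigned override_key;                       /* identifier that choice applies to */
} table_t;

/* Make a handle selectable in Decode As without binding it to any identifier. */
void model_add_for_decode_as(table_t *t, const handle_t *h) {
    for (size_t i = 0; i < t->n_candidates; i++)
        if (t->candidates[i] == h) return;
    if (t->n_candidates < MAX_ENTRIES) t->candidates[t->n_candidates++] = h;
}
/* Bind a handle to an identifier; this also makes it a Decode As candidate. */
void model_add_uint(table_t *t, unsigned key, const handle_t *h) {
    if (t->n_keys < MAX_ENTRIES) { t->keys[t->n_keys] = key; t->by_key[t->n_keys++] = h; }
    model_add_for_decode_as(t, h);
}
/* Apply a user choice: payloads saved with `key` go to the candidate called `name`. */
int model_decode_as(table_t *t, unsigned key, const char *name) {
    for (size_t i = 0; i < t->n_candidates; i++)
        if (strcmp(t->candidates[i]->name, name) == 0) {
            t->override_key = key; t->override_handle = t->candidates[i];
            return 1;
        }
    return 0;                                    /* never registered, so not selectable */
}
/* Resolve the sub-dissector name for `key`; NULL means no dissector was found. */
const char *model_lookup(const table_t *t, unsigned key) {
    if (t->override_handle && t->override_key == key) return t->override_handle->name;
    for (size_t i = 0; i < t->n_keys; i++)
        if (t->keys[i] == key) return t->by_key[i]->name;
    return NULL;
}

int main(void) {   /* category 2: no identifier, so nothing resolves until the user chooses */
    static const handle_t plugin = { "rtps_plugin_a" };   /* constructed name */
    table_t next = {0};
    model_add_for_decode_as(&next, &plugin);
    if (model_decode_as(&next, 0, "rtps_plugin_a")) printf("%s\n", model_lookup(&next, 0));
    return 0;
}
```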