Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] How to get calling dissector

From: Roland Knall <rknall@xxxxxxxxx>
Date: Mon, 29 Jan 2018 18:03:37 +0100
Short answer: packet_info->layers should get you the list of protocols called before yours. If you iterate, you should see the other protocols before yours. In packet.c:754 you see the code adding to the list. 

Not sure though, how stable that interface is. It is pretty in-depth for span, so you should be save to use it, but not sure, if it is official, or if there is another way.

cheers
Roland

On Sun, Jan 28, 2018 at 10:59 PM, Uli Heilmeier <uh@xxxxxxxxxxxx> wrote:
Hi all,

TL,DR:
How does a dissector know which dissector called it?

Long version:
I’m currently implementing a dissector for „Session Multiplex Protocol“ (SMP) [1] requested in bug 14110 [2].
The Tabular Data Stream (TDS; MS SQL Server) protocol depends on SMP when using the MARS feature [3].

SMP runs on top of TCP and is a session layer protocol. SMP however has no identifier to specify the next protocol.
When TDS uses SMP the SMP payload itself is TDS. Resulting in dissector stack: Ethernet/IP/TCP/TDS/SMP/TDS.

I want to call the TDS dissector for the SMP payload data only when it was called by TDS. Otherwise just display the data as hex.
How can I get the information which dissector called my dissector?

Any ideas are welcome. Thanks!

[1]: https://msdn.microsoft.com/en-us/library/cc219643.aspx
[2]: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14110
[3]: https://docs.microsoft.com/en-us/sql/relational-databases/native-client/features/using-multiple-active-result-sets-mars

Cheers Uli
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe