Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] How to get calling dissector

From: Shai Shapira <noforu@xxxxxxxxx>
Date: Mon, 29 Jan 2018 22:01:34 +0200
I believe there's another possible approach here:
Register the dissector once with proto_register_protocol (as usual), which assumed caller is TCP
register another dissection function (for SMP) using  create_dissector_handle_with_name called something like "smp.tds" 
than look for this name when retrieving the dissector handle in the TDS dissector

This means you should have 2 'entry point' functions to your dissector (usually there's only one dissect_PROTO).
This way by writing different dissection/payload handling code in those two functions you can react differently to different calling protocols (tcp calls will trigger the first function, TDS will trigger the second etc)


2018-01-29 21:26 GMT+02:00 Uli Heilmeier <zeugs@xxxxxxxxxxxx>:
Thanks a lot Roland.

Now that I know what to look for packet-sip.c gives a nice example.

Cheers
Uli

Am 29.01.18 um 18:03 schrieb Roland Knall:
> Short answer: packet_info->layers should get you the list of protocols called before yours. If you iterate, you should
> see the other protocols before yours. In packet.c:754 you see the code adding to the list. 
>
> Not sure though, how stable that interface is. It is pretty in-depth for span, so you should be save to use it, but not
> sure, if it is official, or if there is another way.
>
> cheers
> Roland
>
> On Sun, Jan 28, 2018 at 10:59 PM, Uli Heilmeier <uh@xxxxxxxxxxxx <mailto:uh@xxxxxxxxxxxx>> wrote:
>
>     Hi all,
>
>     TL,DR:
>     How does a dissector know which dissector called it?
>
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe