Wireshark-dev: Re: [Wireshark-dev] What is best way to use other protocol subdissectors?
From: Anders Broman <[email protected]>
Date: Wed, 30 Jan 2019 09:42:30 +0000



From: Wireshark-dev <[email protected]> On Behalf Of Dmitriy Linikov
Sent: den 29 januari 2019 11:09
To: [email protected]
Subject: [Wireshark-dev] What is best way to use other protocol subdissectors?


>Hi, guys.


>I'm adding support for CAN messages over IEEE1722 control frames. What is the best way to decode CAN message and payload?


>Up to now I have found the following approaches:

>- like in packet-caneth.c, adding fake "can.flags.xxx" to the list of protocol fields and explicit using "can.subdissectors" table.


Why do you need to add “fake "can.flags.xxx" to the list of protocol fields”?


>- using the composite tvb to combine real payload with a fake socketcan header.


>The first approach has failed for me because during commit i have several errors like the following: "can.flags.rtr doesn't match PROTOABBREV of ieee1722".


I think the reason for that is that you are adding hf variables to a protocol whose name is ieee1722 and in that case the expected format is

Ieee1722.can.flags.rtr. I guess you should register your sub protocol and name the hf’s accordingly but it’s hard to say with the information given.

Publish you code snippet?



>But the second approach seems a bit unnatural for me.



>What would you suggest?


>Best regards,

>Dmitriy Linikov.

Attachment: smime.p7s
Description: S/MIME cryptographic signature