At 07:39 PM 5/2/2005, Gilbert Ramirez wrote:
Yes. You modify wiretap to read your file format. You also add a new
wiretap encapsulation type, a WTAP_ENCAP_* value, defined in
wiretap/wtap.h. When your new wiretap module finds a packet of that
encapsulation type, it passes that value to Ethereal.
In Ethereal, you add a dissector which can parse your custom protocol.
It registers itself against "wtap_encap" with the new WTAP_ENCAP_*
value. E.g., look at how packet-tr.c calls:
dissector_add(WTAP_ENCAP_TOKEN_RING,....)
From your new dissector to the next protocol (IP, for example), there
are various ways to proceed. You could call the dissector directly, by
grabbing its handle via find_dissector(), or if the next protocol is a
port-based protocol, you could use the dissector table functions to
have Ethereal call the next registered protocol. It depends on what
your custom protocol header has for fields.
Hi Gilbert,
Thanks for your help. I have some more questions.
I can see how wiretap can be modified to read my file format and call my
own custom <Myfile>_open and <Myfile>_read routines (by adding entries to
file_access.c).
It is my understanding there should be separate files, one to understand
the file format (that implements <MyFile>_open etc. routines) and the
other to dissect the protocols within the file, right?
Once I parse the file headers, I can identify individual packet types
within the file, say for example ABC_protocol. What is not clear to me is
do I call the ABC dissector directly within the <Myfile>_read routine? If I can
directly call the ABC dissector within the <Myfile>_read method, why should I
register my dissector through the dissector_add(WTAP_ENCAP_*) method?
Where is the hook from wiretap to calling individual dissectors? I couldn't
find this part.
Thanks
Senthil
--gilbert
On 5/2/05, Senthil Sundaram <sen@xxxxxxxxxxxx> wrote:
> Hi,
>
> Can I use Ethereal to parse a packet that is not a packet captured on the
> network? For example, that packet does not have an Ethernet header or IP
> header or anything like that. It is a file in my own custom format, let's
> call it XYZ packet. I would like to register a plugin called packet-XYZ,
> whenever Ethereal sees this packet.
>
> Is this possible? How do I make Ethereal understand my custom packet and
> open it? I remember someone on this list mentioning I need to use the wiretap
> library to do this.
>
> How do I register my plugin handler, i.e., to which layer do I register my
> handler?
>
> Thanks
> Senthil
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>
>
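The dispatch Gilbert describes, as a self-contained C model added here; it is not part of the thread and not Ethereal's code. All model_* names, MODEL_ENCAP_XYZ and the 2-byte XYZ header are assumptions, and the table stands in for the "wtap_encap" dissector table.

```c
/* Model only: no Ethereal headers. The model_* names, MODEL_ENCAP_XYZ and the
 * 2-byte XYZ header layout are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#define MODEL_ENCAP_XYZ 1000   /* stands in for a new WTAP_ENCAP_* value */
#define MODEL_MAX_ENCAP 8
typedef int (*model_dissector_t)(const unsigned char *buf, size_t len);

/* Stand-in for the "wtap_encap" table: encapsulation value -> dissector. */
static struct { int encap; model_dissector_t fn; } model_table[MODEL_MAX_ENCAP];
static size_t model_count;

static int model_dissector_add(int encap, model_dissector_t fn) {
    if (model_count == MODEL_MAX_ENCAP) return -1;
    model_table[model_count].encap = encap;
    model_table[model_count].fn = fn;
    model_count++;
    return 0;
}

/* Next-layer dissector; returns the number of payload bytes handed to it. */
static int model_dissect_payload(const unsigned char *buf, size_t len) {
    return buf ? (int)len : -1;
}

/* XYZ dissector. Constructed header: byte 0 = version, byte 1 = payload length.
 * The length field comes from the file, so it is checked before use. */
static int model_dissect_xyz(const unsigned char *buf, size_t len) {
    if (len < 2 || (size_t)buf[1] > len - 2) return -1;  /* truncated record */
    return model_dissect_payload(buf + 2, buf[1]);
}

/* What the file reader hands over: bytes plus encapsulation, nothing else. */
struct model_record { int encap; const unsigned char *data; size_t len; };

/* Core dispatch: the reader never calls a dissector; this lookup does. */
static int model_dissect_record(const struct model_record *r) {
    for (size_t i = 0; i < model_count; i++)
        if (model_table[i].encap == r->encap)
            return model_table[i].fn(r->data, r->len);
    return -2;  /* nothing registered for this encapsulation */
}

int main(void) {
    static const unsigned char rec[] = { 1, 3, 'a', 'b', 'c' };  /* constructed */
    struct model_record r = { MODEL_ENCAP_XYZ, rec, sizeof rec };
    model_dissector_add(MODEL_ENCAP_XYZ, model_dissect_xyz);
    printf("payload bytes: %d\n", model_dissect_record(&r));
    return 0;
}
```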