Wireshark-dev: Re: [Wireshark-dev] Generic call_dissector()

From: Hans Glück <hanschris.glueck@xxxxxxxx>
Date: Mon, 11 Aug 2008 07:01:34 +0000 (GMT)
Ok, thanks for your advice. I'll try to realize it with the dissector_try_heuristic method. I hope it isn't too much work...
Chris



----- Original Message ----
From: Abhik Sarkar <sarkar.abhik@xxxxxxxxx>
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Sent: Wednesday, 30 July 2008, 21:50:42
Subject: Re: [Wireshark-dev] Generic call_dissector()

Building on Chris' idea... based on the assumption that your protocol
has a field to say what the payload is (called payload_tag e.g.), you
will still have to determine what the payload protocol (as Chris
suggested) is but to keep things generic, you could register a
preference which has a syntax of something like this:
payload_tag:payload_proto;payload_tag:payload_proto;...
e.g.
1:ip;2:ppp;3:tcp;

That way, you can add support for new protocols without having to
re-write any code. The only gotcha is that the dissectors for all the
payload protocols must have registered themselves with names (and
recently a fair number have been found not to and corrected).

HTH
Abhik.

On Wed, Jul 30, 2008 at 5:41 PM, Maynard, Chris
<Christopher.Maynard@xxxxxxxxx> wrote:
> You may be able to get away with calling the lowest common denominator dissector and letting it naturally take care of handing off dissection to the next protocol, whatever it is.  If there is no common denominator, one possible way to do it would be to have all possible protocol dissectors that could appear in your payload register themselves as heuristic dissectors to your dissector, then you would only need to make a single call to dissector_try_heuristic().  But that would require changes to a lot of core protocols, potentially, namely ip, ppp, etc., so I'm not so sure that it's the best solution overall.  I don't know, perhaps the best solution is simply for you to determine the protocol yourself and hand off to the appropriate dissector.  Maybe someone else has some thoughts on this or ideas on how else it could be done.
>
> - Chris
>
>> -----Original Message-----
>> From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Hans Glück
>> Sent: Wednesday, July 30, 2008 4:41 AM
>> To: wireshark-dev@xxxxxxxxxxxxx
>> Subject: [Wireshark-dev] Generic call_dissector()
>>
>> Hello,
>>
>> I am writing a dissector and in the
>> payload of my packets are different types of data/information (PPP,
>> TCP,...) and maybe some more I don't know. I wonder if I can call WS to
>> dissect this payload without defining a special handle?
>> => call_dissector(...) - therefore I have to define a ppp or ip handle
>>
>> Is there a possibility to make a generic
>> dissector call? Or can the user define the payload by clicking on a
>> packet and "Export as ... IP"?
>>
>>
>> Regards,
>> Chris
>>
>>
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev
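
The preference syntax Abhik describes (payload_tag:payload_proto;...), as an added example that is not code from the thread or from Wireshark: a stand-alone C parser that turns the string into a lookup table and rejects malformed input as a whole, since the value is typed by the user. The names parse_payload_pref and lookup_proto, the table and name limits, and the 16-bit tag range are assumptions; in a dissector each returned name would be resolved with find_dissector() before the call_dissector() hand-off.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_MAP  16   /* assumed table size */
#define MAX_NAME 32   /* assumed limit on a dissector name */
struct payload_map { unsigned tag; char proto[MAX_NAME]; };

/* Parse "tag:proto;tag:proto;..." into map[]; returns the entry count or -1.
 * The preference is user-typed text, so a malformed string is rejected whole. */
static int parse_payload_pref(const char *pref, struct payload_map *map, int max)
{
    int n = 0;
    while (*pref != '\0') {
        char *end;
        if (*pref < '0' || *pref > '9') return -1;    /* no sign or whitespace */
        unsigned long tag = strtoul(pref, &end, 10);  /* overflow gives ULONG_MAX */
        if (tag > 0xFFFFu || *end != ':') return -1;  /* assumed 16-bit tag field */
        const char *name = end + 1;
        size_t len = strcspn(name, ";:");
        if (len == 0 || len >= MAX_NAME || name[len] == ':') return -1;
        for (int i = 0; i < n; i++)                   /* duplicate tag is ambiguous */
            if (map[i].tag == (unsigned)tag) return -1;
        if (n == max) return -1;                      /* table full */
        map[n].tag = (unsigned)tag;
        memcpy(map[n].proto, name, len);
        map[n].proto[len] = '\0';
        n++;
        pref = name + len;
        if (*pref == ';') pref++;                     /* final ';' is optional */
    }
    return n;
}

/* Name mapped to a tag, or NULL when the tag is not in the preference. */
static const char *lookup_proto(const struct payload_map *map, int n, unsigned tag)
{
    for (int i = 0; i < n; i++)
        if (map[i].tag == tag) return map[i].proto;
    return NULL;
}

int main(void)
{
    struct payload_map map[MAX_MAP];
    int n = parse_payload_pref("1:ip;2:ppp;3:tcp;", map, MAX_MAP); /* sample from the thread */
    const char *p = n > 0 ? lookup_proto(map, n, 2) : NULL;
    printf("%d entries, tag 2 -> %s\n", n, p ? p : "(unmapped)");
    return n < 0;
}
```

A tag with no entry returns NULL from lookup_proto, which leaves the caller free to show the payload as undissected data instead of guessing a dissector.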

