Akos Vandra <axos88@...> writes:
> I would like to ask how does the Decode As... functionality work in wireshark?
> I have a CAN network, and on top of it there may be different
> higher-level protocols, depending on application.
> There is no identifier which would say that this belongs to protocol
> A, or protocol B.
>
> I think the best solution would be for the user to say that this
> network has proto A or proto B on top of CAN, and then it would pass
> the whole traffic to dissector B.
> I guess this would be the puprose of the Decode As... option, but how
> can I use it from within the CAN dissector code?
>
Akos Vandra <axos88@...> writes:
> I guess this would be the puprose of the Decode As... option, but how
> can I use it from within the CAN dissector code?
I think one way would be for the CAN dissector to be modified so it registers a
dissector table that proto A, proto B, ... can then add their handle to. For
example (warning - untested pseudocode):
packet-socketcan.c:
proto_register_socketcan() {
...
can_dissector_table = register_dissector_table("can_somename", "CAN
some_ui_name", FT_SOMETYPE, BASE_SOMEBASE);
...
}
protoA.c:
proto_reg_handoff_protoA() {
...
protoA_can_handle = create_dissector_handle(dissect_protoA, proto_protoA);
dissector_add_handle("can_somename", protoA_can_handle);
...
}
Look in the Wirehshark sources at other dissectors for more/better examples.
- Chris