Wireshark-dev: Re: [Wireshark-dev] How to get calling dissector

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Dario Lombardo <dario.lombardo.ml@xxxxxxxxx>
Date: Sun, 18 Mar 2018 20:50:09 +0100
If you're interested in knowing if the layers contain a specific protocol, proto_is_frame_protocol could be your choice. However, this doesn't give you the previous layer.

On Mon, Jan 29, 2018 at 6:03 PM, Roland Knall <rknall@xxxxxxxxx> wrote:
Short answer: packet_info->layers should get you the list of protocols called before yours. If you iterate, you should see the other protocols before yours. In packet.c:754 you see the code adding to the list. 

Not sure though, how stable that interface is. It is pretty in-depth for span, so you should be save to use it, but not sure, if it is official, or if there is another way.

cheers
Roland

On Sun, Jan 28, 2018 at 10:59 PM, Uli Heilmeier <uh@xxxxxxxxxxxx> wrote:
Hi all,

TL,DR:
How does a dissector know which dissector called it?

Long version:
I’m currently implementing a dissector for „Session Multiplex Protocol“ (SMP) [1] requested in bug 14110 [2].
The Tabular Data Stream (TDS; MS SQL Server) protocol depends on SMP when using the MARS feature [3].

SMP runs on top of TCP and is a session layer protocol. SMP however has no identifier to specify the next protocol.
When TDS uses SMP the SMP payload itself is TDS. Resulting in dissector stack: Ethernet/IP/TCP/TDS/SMP/TDS.

I want to call the TDS dissector for the SMP payload data only when it was called by TDS. Otherwise just display the data as hex.
How can I get the information which dissector called my dissector?

Any ideas are welcome. Thanks!

[1]: https://msdn.microsoft.com/en-us/library/cc219643.aspx
[2]: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14110
[3]: https://docs.microsoft.com/en-us/sql/relational-databases/native-client/features/using-multiple-active-result-sets-mars

Cheers Uli
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe