Re: [Wireshark-dev] Generic call_dissector()
Ok, thanks for your advice. I'll try to realize it with the dissector_try_heuristic method. I hope it isn't too much work...

Chris

----- Original Message -----
From: Abhik Sarkar [EMAIL PROTECTED]
To: Developer support list for Wireshark wireshark-dev@wireshark.org
Sent: Wednesday, 30 July 2008, 21:50:42
Subject: Re: [Wireshark-dev] Generic call_dissector()

Building on Chris' idea... based on the assumption that your protocol has a field to say what the payload is (called payload_tag e.g.), you will still have to determine what the payload protocol (as Chris suggested) is but to keep things generic, you could register a preference which has a syntax of something like this:

    payload_tag:payload_proto;payload_tag:payload_proto;...

e.g.

    1:ip;2:ppp;3:tcp;

That way, you can add support for new protocols without having to re-write any code. The only gotcha is that the dissectors for all the payload protocols must have registered themselves with names (and recently a fair number have been found not to and corrected).

HTH
Abhik.

On Wed, Jul 30, 2008 at 5:41 PM, Maynard, Chris [EMAIL PROTECTED] wrote:
> You may be able to get away with calling the lowest common denominator dissector and letting it naturally take care of handing off dissection to the next protocol, whatever it is.
>
> If there is no common denominator, one possible way to do it would be to have all possible protocol dissectors that could appear in your payload register themselves as heuristic dissectors to your dissector, then you would only need to make a single call to dissector_try_heuristic(). But that would require changes to a lot of core protocols, potentially, namely ip, ppp, etc., so I'm not so sure that it's the best solution overall.
>
> I don't know, perhaps the best solution is simply for you to determine the protocol yourself and hand off to the appropriate dissector. Maybe someone else has some thoughts on this or ideas on how else it could be done.
>
> - Chris
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:wireshark-dev- [EMAIL PROTECTED] On Behalf Of Hans Glück
> Sent: Wednesday, July 30, 2008 4:41 AM
> To: wireshark-dev@wireshark.org
> Subject: [Wireshark-dev] Generic call_dissector()
>
> Hello,
>
> I am writing a dissector and in the payload of my packets are different types of data/information (PPP, TCP,...) and maybe some more I don't know.
>
> I wonder if I can call WS to dissect this payload without defining a special handle?
> = call_dissector(...) - therefore I have to define a ppp or ip handle
>
> Is there a possibility to make a generic dissector call? Or can the user define the payload by clicking on a packet and Export as ... IP?
>
> Regards,
> Chris

___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
https://wireshark.org/mailman/listinfo/wireshark-dev
Re: [Wireshark-dev] Generic call_dissector()
You may be able to get away with calling the lowest common denominator dissector and letting it naturally take care of handing off dissection to the next protocol, whatever it is.

If there is no common denominator, one possible way to do it would be to have all possible protocol dissectors that could appear in your payload register themselves as heuristic dissectors to your dissector, then you would only need to make a single call to dissector_try_heuristic(). But that would require changes to a lot of core protocols, potentially, namely ip, ppp, etc., so I'm not so sure that it's the best solution overall.

I don't know, perhaps the best solution is simply for you to determine the protocol yourself and hand off to the appropriate dissector. Maybe someone else has some thoughts on this or ideas on how else it could be done.

- Chris
Re: [Wireshark-dev] Generic call_dissector()
Building on Chris' idea... based on the assumption that your protocol has a field to say what the payload is (called payload_tag e.g.), you will still have to determine what the payload protocol (as Chris suggested) is but to keep things generic, you could register a preference which has a syntax of something like this:

    payload_tag:payload_proto;payload_tag:payload_proto;...

e.g.

    1:ip;2:ppp;3:tcp;

That way, you can add support for new protocols without having to re-write any code. The only gotcha is that the dissectors for all the payload protocols must have registered themselves with names (and recently a fair number have been found not to and corrected).

HTH
Abhik.
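
Added example (not part of the original thread and not Wireshark code): a stand-alone C parser for the preference syntax suggested above, "payload_tag:payload_proto;...", that rejects malformed, oversized or duplicate entries before any name is used for a dissector lookup. The struct, the function names and the size limits are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_MAP  32  /* assumed limits, not Wireshark constants */
#define MAX_NAME 32
struct payload_map { unsigned long tag; char proto[MAX_NAME]; };
/* Parse "tag:proto;tag:proto;..." into map[]. Returns the entry count, or
 * -1 if malformed, so a bad preference is rejected rather than half-applied. */
int parse_payload_pref(const char *pref, struct payload_map *map, int max)
{
    int n = 0;
    for (const char *p = pref; *p != '\0'; ) {
        char *end;
        if (*p < '0' || *p > '9') return -1;  /* strtoul would accept a sign or space */
        errno = 0;
        unsigned long tag = strtoul(p, &end, 10);
        if (errno != 0 || *end != ':') return -1;  /* overflow or missing ':' */
        const char *name = end + 1;
        size_t len = strcspn(name, ";:");
        if (len == 0 || len >= MAX_NAME || name[len] == ':') return -1;
        for (int i = 0; i < n; i++) if (map[i].tag == tag) return -1;  /* duplicate tag */
        if (n == max) return -1;                   /* table full */
        map[n].tag = tag;
        memcpy(map[n].proto, name, len);
        map[n].proto[len] = '\0';
        n++;
        p = name + len + (name[len] == ';');       /* the final ';' is optional */
    }
    return n;
}

/* Name configured for a tag, or NULL. In a dissector the name would go to
 * find_dissector(), which returns NULL if nothing registered under it. */
const char *lookup_payload_proto(const struct payload_map *map, int n, unsigned long tag)
{
    for (int i = 0; i < n; i++)
        if (map[i].tag == tag) return map[i].proto;
    return NULL;
}

int main(void)
{
    struct payload_map map[MAX_MAP];
    int n = parse_payload_pref("1:ip;2:ppp;3:tcp;", map, MAX_MAP); /* string from the thread */
    for (int i = 0; i < n; i++) printf("%lu -> %s\n", map[i].tag, map[i].proto);
    return n < 0;
}
```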