Re: [Wireshark-dev] How to get calling dissector

2018-03-18 Thread Dario Lombardo
If you're interested in knowing if the layers contain a specific
protocol, proto_is_frame_protocol could be your choice. However, this
doesn't give you the previous layer.

On Mon, Jan 29, 2018 at 6:03 PM, Roland Knall  wrote:

> Short answer: packet_info->layers should get you the list of protocols
> called before yours. If you iterate, you should see the other protocols
> before yours. In packet.c:754 you see the code adding to the list.
>
> Not sure though, how stable that interface is. It is pretty in-depth for
> span, so you should be safe to use it, but not sure, if it is official, or
> if there is another way.
>
> cheers
> Roland
>
> On Sun, Jan 28, 2018 at 10:59 PM, Uli Heilmeier  wrote:
>
>> Hi all,
>>
>> TL,DR:
>> How does a dissector know which dissector called it?
>>
>> Long version:
>> I’m currently implementing a dissector for „Session Multiplex Protocol“
>> (SMP) [1] requested in bug 14110 [2].
>> The Tabular Data Stream (TDS; MS SQL Server) protocol depends on SMP when
>> using the MARS feature [3].
>>
>> SMP runs on top of TCP and is a session layer protocol. SMP however has
>> no identifier to specify the next protocol.
>> When TDS uses SMP the SMP payload itself is TDS. Resulting in dissector
>> stack: Ethernet/IP/TCP/TDS/SMP/TDS.
>>
>> I want to call the TDS dissector for the SMP payload data only when it
>> was called by TDS. Otherwise just display the data as hex.
>> How can I get the information which dissector called my dissector?
>>
>> Any ideas are welcome. Thanks!
>>
>> [1]: https://msdn.microsoft.com/en-us/library/cc219643.aspx
>> [2]: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14110
>> [3]: https://docs.microsoft.com/en-us/sql/relational-databases/native-client/features/using-multiple-active-result-sets-mars
>>
>> Cheers Uli
___
Sent via:Wireshark-dev mailing list 
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
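
Added example, not part of the original thread and not Wireshark code: a self-contained C model of the two checks discussed in this message and the quoted reply, "is the protocol somewhere in the frame" versus "is it the layer directly before mine". The layer list is modelled as an array of names (pinfo->layers holds protocol ids), the last entry is assumed to be the running dissector, and the "tunnel" layer is a constructed placeholder.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for pinfo->layers, outermost first. Wireshark
 * stores protocol ids in a list; names are used here for readability.
 * Assumption: the last entry is the dissector currently running (SMP). */
static const char *over_tds[]    = { "eth", "ip", "tcp", "tds", "smp" };
static const char *over_tcp[]    = { "eth", "ip", "tcp", "smp" };
/* "tunnel" is a hypothetical layer sitting between TDS and SMP. */
static const char *over_tunnel[] = { "eth", "ip", "tcp", "tds", "tunnel", "smp" };

/* Containment: true if proto appears at any depth in the frame. */
int frame_contains(const char **layers, size_t n, const char *proto)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(layers[i], proto) == 0)
            return 1;
    return 0;
}

/* Caller: true only if proto is the entry directly before the last one. */
int called_by(const char **layers, size_t n, const char *proto)
{
    if (n < 2)
        return 0; /* nothing was recorded before the current layer */
    return strcmp(layers[n - 2], proto) == 0;
}

/* SMP's choice of payload handler: TDS only when TDS was the caller,
 * otherwise show the bytes as plain data. */
const char *smp_payload_handler(const char **layers, size_t n)
{
    return called_by(layers, n, "tds") ? "tds" : "data";
}

int main(void)
{
    printf("over tds:    %s\n", smp_payload_handler(over_tds, 5));
    printf("over tcp:    %s\n", smp_payload_handler(over_tcp, 4));
    /* Containment alone would wrongly pick TDS for this stack. */
    printf("over tunnel: contains=%d handler=%s\n",
           frame_contains(over_tunnel, 6, "tds"),
           smp_payload_handler(over_tunnel, 6));
    return 0;
}
```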

Re: [Wireshark-dev] How to get calling dissector

2018-01-30 Thread Uli Heilmeier
Thanks for your idea. It's exactly the way Michael did it with his improvement 
for my patch:
https://code.wireshark.org/review/#/c/25509/

On 29.01.18 at 21:01, Shai Shapira wrote:
> I believe there's another possible approach here:
> Register the dissector once with proto_register_protocol (as usual), which 
> assumed caller is TCP
> register another dissection function (for SMP) using 
> create_dissector_handle_with_name called something like "smp.tds" 
> then look for this name when retrieving the dissector handle in the TDS 
> dissector
> 
> This means you should have 2 'entry point' functions to your dissector 
> (usually there's only one dissect_PROTO).
> This way by writing different dissection/payload handling code in those two 
> functions you can react differently to
> different calling protocols (tcp calls will trigger the first function, TDS 
> will trigger the second etc)
> 
> 
> 2018-01-29 21:26 GMT+02:00 Uli Heilmeier:
> 
> > Thanks a lot Roland.
> > 
> > Now that I know what to look for packet-sip.c gives a nice example.
> > 
> > Cheers
> > Uli
> > 
> > On 29.01.18 at 18:03, Roland Knall wrote:
> > > Short answer: packet_info->layers should get you the list of protocols
> > > called before yours. If you iterate, you should see the other protocols
> > > before yours. In packet.c:754 you see the code adding to the list.
> > >
> > > Not sure though, how stable that interface is. It is pretty in-depth for
> > > span, so you should be safe to use it, but not sure, if it is official, or
> > > if there is another way.
> > >
> > > cheers
> > > Roland
> > >
> > > On Sun, Jan 28, 2018 at 10:59 PM, Uli Heilmeier wrote:
> > >
> > > > Hi all,
> > > >
> > > > TL,DR:
> > > > How does a dissector know which dissector called it?

Re: [Wireshark-dev] How to get calling dissector

2018-01-30 Thread Shai Shapira
I believe there's another possible approach here:
Register the dissector once with proto_register_protocol (as usual), which
assumed caller is TCP
register another dissection function (for SMP) using
create_dissector_handle_with_name called something like "smp.tds"
then look for this name when retrieving the dissector handle in the TDS
dissector

This means you should have 2 'entry point' functions to your dissector (usually
there's only one dissect_PROTO).
This way by writing different dissection/payload handling code in those two
functions you can react differently to different calling protocols (tcp
calls will trigger the first function, TDS will trigger the second etc)


2018-01-29 21:26 GMT+02:00 Uli Heilmeier:

> Thanks a lot Roland.
>
> Now that I know what to look for packet-sip.c gives a nice example.
>
> Cheers
> Uli
>
> On 29.01.18 at 18:03, Roland Knall wrote:
> > Short answer: packet_info->layers should get you the list of protocols
> > called before yours. If you iterate, you should see the other protocols
> > before yours. In packet.c:754 you see the code adding to the list.
> >
> > Not sure though, how stable that interface is. It is pretty in-depth for
> > span, so you should be safe to use it, but not sure, if it is official, or
> > if there is another way.
> >
> > cheers
> > Roland
> >
> > On Sun, Jan 28, 2018 at 10:59 PM, Uli Heilmeier wrote:
> >
> > > Hi all,
> > >
> > > TL,DR:
> > > How does a dissector know which dissector called it?

Re: [Wireshark-dev] How to get calling dissector

2018-01-29 Thread Uli Heilmeier
Thanks a lot Roland.

Now that I know what to look for packet-sip.c gives a nice example.

Cheers
Uli

On 29.01.18 at 18:03, Roland Knall wrote:
> Short answer: packet_info->layers should get you the list of protocols
> called before yours. If you iterate, you should see the other protocols
> before yours. In packet.c:754 you see the code adding to the list.
>
> Not sure though, how stable that interface is. It is pretty in-depth for
> span, so you should be safe to use it, but not sure, if it is official, or
> if there is another way.
>
> cheers
> Roland
>
> On Sun, Jan 28, 2018 at 10:59 PM, Uli Heilmeier wrote:
>
> > Hi all,
> >
> > TL,DR:
> > How does a dissector know which dissector called it?

Re: [Wireshark-dev] How to get calling dissector

2018-01-29 Thread Roland Knall
Short answer: packet_info->layers should get you the list of protocols
called before yours. If you iterate, you should see the other protocols
before yours. In packet.c:754 you see the code adding to the list.

Not sure though, how stable that interface is. It is pretty in-depth for
span, so you should be safe to use it, but not sure, if it is official, or
if there is another way.

cheers
Roland

On Sun, Jan 28, 2018 at 10:59 PM, Uli Heilmeier  wrote:

> Hi all,
>
> TL,DR:
> How does a dissector know which dissector called it?
>
> Long version:
> I’m currently implementing a dissector for „Session Multiplex Protocol“
> (SMP) [1] requested in bug 14110 [2].
> The Tabular Data Stream (TDS; MS SQL Server) protocol depends on SMP when
> using the MARS feature [3].
>
> SMP runs on top of TCP and is a session layer protocol. SMP however has no
> identifier to specify the next protocol.
> When TDS uses SMP the SMP payload itself is TDS. Resulting in dissector
> stack: Ethernet/IP/TCP/TDS/SMP/TDS.
>
> I want to call the TDS dissector for the SMP payload data only when it was
> called by TDS. Otherwise just display the data as hex.
> How can I get the information which dissector called my dissector?
>
> Any ideas are welcome. Thanks!
>
> [1]: https://msdn.microsoft.com/en-us/library/cc219643.aspx
> [2]: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14110
> [3]: https://docs.microsoft.com/en-us/sql/relational-databases/native-client/features/using-multiple-active-result-sets-mars
>
> Cheers Uli

[Wireshark-dev] How to get calling dissector

2018-01-29 Thread Uli Heilmeier
Hi all,

TL,DR:
How does a dissector know which dissector called it?

Long version:
I’m currently implementing a dissector for „Session Multiplex Protocol“ (SMP) 
[1] requested in bug 14110 [2].
The Tabular Data Stream (TDS; MS SQL Server) protocol depends on SMP when using 
the MARS feature [3].

SMP runs on top of TCP and is a session layer protocol. SMP however has no 
identifier to specify the next protocol.
When TDS uses SMP the SMP payload itself is TDS. Resulting in dissector stack: 
Ethernet/IP/TCP/TDS/SMP/TDS.

I want to call the TDS dissector for the SMP payload data only when it was 
called by TDS. Otherwise just display the data as hex.
How can I get the information which dissector called my dissector?

Any ideas are welcome. Thanks!

[1]: https://msdn.microsoft.com/en-us/library/cc219643.aspx
[2]: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14110
[3]: https://docs.microsoft.com/en-us/sql/relational-databases/native-client/features/using-multiple-active-result-sets-mars

Cheers Uli