I think something like the following should work for you:
static dissector_handle_t ip_handle;
static gboolean dissect_afdx(tvbuff_t *tvb, packet_info *pinfo, proto_tree
*tree)
{
...
if ( this_is_really_ip )
{
next_tvb = tvb_new_subset(tvb, offset_to_ip, -1, -1);
call_dissector(ip_handle, next_tvb, pinfo, afdx_tree);
}
...
}
void proto_reg_handoff_afdx(void)
{
...
ip_handle = find_dissector("ip");
}
- Chris
From: [EMAIL PROTECTED]
Sent: Mon 3/31/2008 9:08 AM
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Fw: modifying the eth-dissector
Hi there again!
I implemented my dissection for AFDX now with a heuristic_dissector (btw. is
there a documentation that explaines the differences between heuristic
registration and "normal"? ).
Now i want to give the payload of the LLC Layer (=left data) to the
IP-dissector by calling capture_ip() (i assume). Problem is now that i have to
supply the packet_count and the pd-pointer to capture_ip.
How can i get this value/pointer? (out of tvbuf? ) Or is there a better way?
Again, thanks a lot for your help!
Valentin
----- Forwarded by Valentin Ecker/TTTech on 31.03.2008 15:06 -----
Valentin Ecker/TTTech
25.03.2008 13:52 [EMAIL PROTECTED]
cc
Subjectmodifying the eth-dissector
Hi all,
I would like to write a new dissector for wireshark...but im stuck at some
points:
My protocol is based on the ARINC AFDX standard which is (more or less) based
on Ethernet II frames at layer 2. The difference to this frame type is the
MAC-Dest/Source-Address, where a certain address space is defined in advance to
recognize the AFDX frames. This ensures that any COTS ethernet controller can
ignore such type of frames, but special devices (such as switches and
controllers) recognize them. Anyway...i think any other protocol details would
go to far....
My Problem is the following now:
I have to inspect the MAC addresses and - if a special address is given -
foreward them to my own dissector which dissects further layers. The most
obvious thing for me would be to modify the "packet-eth" and branch off there
for the next layers (as it is already done with the Cisco ISL frames).
What do you think?
Unfortunately i would prefer a plugin dll instead of compiling the whole
source. I think i would have to exchange the whole eth-dissector with my own
one residing in the plugin directory...would that be possible, or is there a
better solution?
Another problem is, that the address space is defined by a configuration file
(an XML File), and must be read at least at every startup of wireshark. Where
do you think would be a nice place in the wireshark directory for such a file
to be read? I was thinking of: "Read file if there is one, otherwise handle
AFDX Frames like Ethernet 2 ones".
Thanks a lot for your help!
Valentin
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
