Joerg Mayer wrote:
> On Thu, May 03, 2007 at 10:07:22AM -0400, Kevin A. Noll wrote:
>
>> I am trying to finish writing additional decode details for the WLCCP
>> dissector. In places, though, the WLCCP protocol carries other protocol data
>> that I'd like to decode, but not re-write the code.
>>
>
> Nice. Can you send in what you already have?
>
>
>> I know I can call other dissectors, but it's not apparent to me (an amateur)
>> how or if they return to the original dissector, which is what I would need
>> to do. For example, WLCCP can embed EAPOL messages as follows:
>>
>>
>> 1. Generic WLCCP Headers
>> 2. WLCCP Message-Type Specific Headers
>> 2a. Embedded EAPOL
>> 3. More WLCCP Message-Type Specific Data 4. Possibly some variable TLV
>> information
>>
>>
>> I need to be able to call the external EAPOL dissector and return to the
>> WLCCP dissector to finish dissecting the WLCCP headers and TLVs.
>>
>> I would be much obliged if someone could give me a pointer on how to do this
>> and/or to a dissector that does something similar.
>>
>
> have a look at packet-radius.c and how eap support is handlered there.
> In short:
>
> proto_reg_handoff_radius(void)
> ...
> eap_handle = find_dissector("eap");
>
> And further up:
>
> call_dissector(eap_handle, eap_tvb, pinfo, eap_tree);
>
> Ciao
> Joerg
>
Or why not add heuristic sub-dissector possibilities using something
like this in your code (also rather short):
static dissector_handle_t data_handle = find_dissector("data");
static heur_dissector_list_t my_heur_subdissector_list;
---8<--- snip ---8<---
if(try_heuristic)
{
if(!dissector_try_heuristic(my_heur_subdissector_list, payload_tvb,
pinfo, sub_tree))
{
/* Heuristic dissection failed, dissect it as data. */
call_dissector(data_handle, payload_tvb, pinfo, sub_tree);
}
}
else
{
/* Oh, well, we don't know this; dissect it as data. */
call_dissector(data_handle, payload_tvb, pinfo, sub_tree);
}
where you in proto_register_<my dissector> should have done:
/* Sub-dissector hook code */
register_heur_dissector_list("<my proto name>",
&my_heur_subdissector_list);
This would allow for any other dissector to register itself to
heuristically decode the data part of your protocol by doing:
another_module = prefs_register_protocol(proto_another,
proto_reg_handoff_another);
heur_dissector_add("<your proto name>", <heuristic dissection routine>,
proto_another);
Regards, Peter
_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev
