Beth wrote:
>
> I am working with a plugin dissector that handles a protocol running
> under IEEE 802.15.4. The source code for this dissector (written by
> someone else) combines the 802.15.4 dissection with the other protocol.
> I am attempting to split the existing plugin into a separate plugin for
> the other protocol, and use it with the Wireshark builtin 802.15.4
> dissector instead of the homegrown one.
>
> Here is the hitch I have encountered: The sniffer I was given
> encapsulates the 802.15.4 packets as UDP payloads. The plugin I'm
> working on adds itself to the "udp.port" dissector list for the
> appropriate port#, but the builtin 802.15.4 dissector only adds itself
> to "ethertype".
>
> Can someone advise me on the best way to proceed from here? I see the
> following options:
>
> 1. Give up on using the builtin 802.15.4 dissector, just keep using the
> one I have.
>
> 2. Modify the builtin dissector so that it adds itself to "udp.port"
> instead of "ethertype". (Which means I will no longer be able to
> distribute just the plugins to other users of this protocol; they will
> need the modified Wireshark build as well.)
>
> 3. Find a way to modify the builtin dissector so that it works for this
> sniffer *without* affecting how it works for everyone else, and submit
> the patch for approval. (Would only do this if it were likely that
> others might need a similar feature.)

4. Write another dissector that registers for the appropriate "udp.port"
and calls find_dissector("wpan") (or "wpan-nofcs" or one of the other
names for that dissector) to get a handle to the 802.15.4 dissector.
When this dissector is handed packets it can pass the appropriate part
of the payload to the built-in 802.15.4 dissector.

For a simple example of that, look at packet-mtp2.c, which dissects MTP2
headers before passing the remaining payload to the MTP3 dissector.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
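
The shim described in option 4, sketched as an added example that is not code from this thread or from the Wireshark source. It uses Wireshark's Lua API (`Dissector.get`, `DissectorTable.get`) rather than the C plugin API the reply refers to, so it can be distributed as a single script. The UDP port and sniffer header length are placeholders, because the thread does not state them.

```lua
-- Added example: hypothetical shim dissector for 802.15.4 carried in UDP.
local WPAN_NAME    = "wpan"  -- name given in the reply; substitute another variant if needed
local DEFAULT_PORT = 50000   -- placeholder: the sniffer's real UDP port is not in the thread
local DEFAULT_HDR  = 0       -- assumption: bytes of sniffer header before the 802.15.4 frame

local shim = Proto("wpanudp", "802.15.4 over UDP (sniffer encapsulation shim)")
shim.prefs.port    = Pref.uint("UDP port", DEFAULT_PORT, "UDP port the sniffer sends to")
shim.prefs.hdr_len = Pref.uint("Sniffer header length", DEFAULT_HDR,
                               "Bytes to skip before the 802.15.4 frame")

local wpan  -- handle to the built-in dissector, looked up on first use

function shim.dissector(tvb, pinfo, tree)
    wpan = wpan or Dissector.get(WPAN_NAME)  -- nil if nothing is registered under that name
    local hdr_len = shim.prefs.hdr_len
    -- Capture data is untrusted: refuse datagrams too short to hold the
    -- sniffer header plus at least one byte of frame, instead of slicing
    -- past the end of the buffer.
    if wpan == nil or tvb:len() <= hdr_len then
        return 0  -- not accepted; Wireshark shows the payload as plain data
    end
    if hdr_len > 0 then
        tree:add(shim, tvb(0, hdr_len))  -- mark the bytes skipped by the shim
    end
    -- Hand everything after the sniffer header to the 802.15.4 dissector.
    wpan:call(tvb(hdr_len):tvb(), pinfo, tree)
    return tvb:len()
end

-- Register on the default port, then follow the preference if it changes.
local current_port = DEFAULT_PORT
DissectorTable.get("udp.port"):add(current_port, shim)

function shim.prefs_changed()
    if shim.prefs.port ~= current_port then
        local udp_table = DissectorTable.get("udp.port")
        udp_table:remove(current_port, shim)
        current_port = shim.prefs.port
        udp_table:add(current_port, shim)
    end
end
```

The protocol-specific plugin can then attach to the output of the built-in 802.15.4 dissector as it would for any other capture source, with no changes to the Wireshark build.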