It's the preferred way to exchange data between dissectors because you're a lot more sure of its scope than some of the other methods. For most cases, you're just passing the data between a dissector and its subdissector (rarely does it go farther than that). If TCP is passing its data to SSL and you have another dissector that needs to pass data to SSL, I recommend creating another dissector entry point for SSL for the STARTTLS-like dissector to call (and register it for the STARTTLS-like protocol to find). The "current" dissector entry point and "new" dissector entry point can have a "common" function that they both call, taking into account the data passed to it. If SSL is just ignoring the TCP data (most dissectors do), the common function would take a NULL parameter in that case.
I know there are current dissectors that use this functionality, I just can't think of any off the top of my head.

-----Original Message-----
From: Peter Wu <pe...@lekensteyn.nl>
To: Developer support list for Wireshark <wireshark-dev@wireshark.org>
Sent: Fri, Jan 30, 2015 6:09 pm
Subject: [Wireshark-dev] What is the data parameter of call_dissector_with_data?

Hi,

To fix a bug, I need to pass the protocol type from a STARTTLS-like protocol to the SSL dissector. I was about to use the "unused" data field of dissect_ssl for this, but it turns out that the TCP dissector fills in this field. That makes it entirely useless for other purposes (such as passing parameters via call_dissector_with_data).

It seems that my best alternative is p_add_proto_data (documented in README.dissector, section 2.5 Per-packet information).

What is actually the purpose of the "data" parameter? It is not documented well AFAIK, the packet-PROTOABBREV.c does not mention it at all for example besides marking it as unused.

--
Kind regards,
Peter Wu
https://lekensteyn.nl/
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
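The two-entry-point layout suggested in the reply above, as an added example that is not part of the original thread or of Wireshark's source: each entry point knows exactly what type its `void *data` carries, so TCP's structure is never cast to the SSL parameter block. The types here are simplified stand-ins for Wireshark's, and `ssl_starttls_info`, `dissect_ssl_starttls` and the `app_proto` field are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for Wireshark's types (assumptions, not the real epan headers). */
typedef struct { const unsigned char *buf; int len; } tvbuff_t;
typedef struct { char app_proto[16]; } packet_info; /* field exists only to show the result */
typedef struct proto_tree proto_tree;
struct tcpinfo { unsigned seq, nxtseq; };           /* what TCP hands to its subdissectors */

/* Hypothetical parameter block that the STARTTLS-like dissector passes to SSL. */
typedef struct { const char *app_proto; } ssl_starttls_info;

/* Common function: info is NULL when SSL was reached directly from TCP. */
static int dissect_ssl_common(tvbuff_t *tvb, packet_info *pinfo,
                              proto_tree *tree, const ssl_starttls_info *info)
{
    const char *proto = (info && info->app_proto) ? info->app_proto : "unknown";
    (void)tree;
    snprintf(pinfo->app_proto, sizeof pinfo->app_proto, "%s", proto);
    return tvb->len; /* bytes consumed */
}

/* "Current" entry point, called by TCP: data is a struct tcpinfo *, which SSL ignores. */
int dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    (void)data; /* never cast: it is TCP's structure, not an ssl_starttls_info */
    return dissect_ssl_common(tvb, pinfo, tree, NULL);
}

/* "New" entry point, looked up and called only by the STARTTLS-like dissector. */
int dissect_ssl_starttls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    return dissect_ssl_common(tvb, pinfo, tree, (const ssl_starttls_info *)data);
}

int main(void)
{
    static const unsigned char rec[] = { 0x16, 0x03, 0x01, 0x00, 0x00 }; /* constructed bytes */
    tvbuff_t tvb = { rec, (int)sizeof rec };
    packet_info pinfo = { "" };
    struct tcpinfo ti = { 1, 6 };
    ssl_starttls_info si = { "smtp" };

    dissect_ssl(&tvb, &pinfo, NULL, &ti);          /* path taken when TCP calls SSL */
    printf("via TCP:      %s\n", pinfo.app_proto);
    dissect_ssl_starttls(&tvb, &pinfo, NULL, &si); /* path taken by the STARTTLS-like caller */
    printf("via STARTTLS: %s\n", pinfo.app_proto);
    return 0;
}
```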