Re: [Wireshark-dev] What is best way to use other protocol subdissectors?

Thu, 31 Jan 2019 20:25:31 -0800 

What is the format of the IEEE-1722 "CAN message"?  From my experience there 
are many different formats for CAN, so I think it's abstracted as best it can 
be.  The SocketCAN "packet format" isCAN ID (4 bytes).  Since CAN IDs are 
typically 11 or 29-bits, SocketCAN uses some of the higher bits for other 
flags.Payload length (1 byte)"Padding" (3 bytes)<CAN payload>  (size based on 
payload length).
Since the CAN ID is not "on the wire" for many CAN protocols (it's just the 8 
byte payload), subdissectors have been set up to accept the 32-bit CAN ID as a 
"data parameter" passed into the dissection function.  Technically, I think 
Maksim Salau expanded it to a full structure (probably to accommodate/mask the 
higher bits of SocketCAN).  This does fall a little under first dissector gets 
to more heavily influence the interface.
All CAN protocols have registered with the "can.subdissector", where the 
"interface" is expecting the "data parameter" structure that is dictated by 
SocketCAN.  However any dissector has access to use the "can.subdissector" 
table.  For example, if the IEEE-1722 "packet format" isCAN ID (4 bytes).  Only 
CAN IDs of 11 or 29 bits, no higher bits setPayload length (1 byte)<CAN 
payload> (size based on payload length)
The IEEE-1722 "CAN dissector" can enumerate the "header fields" of CAN ID and 
Payload length, and reuse the same display names like can.id, and then get a 
handle to the "can.subdissector" table and call dissector_try_payload_new() 
just like the SocketCAN dissector does.  Just be aware that the data parameter 
of dissector_try_payload_new() has to match the structure that SocketCAN uses 
because that is the "interface" that the "can.subdissector" dissector table has 
defined.
With the "can.subdissector" there isn't a way to determine which subdissector 
should be called (so you always have to use Decode As).  Some protocols, like 
TCP or UDP can key off of the "port number" to determine which subdissector to 
call and subdissectors can register by that port number.If the IEEE-1722 
"packet format" has a field to determine which CAN protocol followed (i.e. 1 = 
J1939, 2 = CANOpen), then it should setup its own subdissector table 
("1722can.subdissector"), and then the CAN protocols themselves would need to 
register with that dissector table as well, with the value of the field used to 
call them.
Hope this provides a little more clarity.




-----Original Message-----
From: Dmitriy Linikov <dmitriy.lini...@gmail.com>
To: wireshark-dev <wireshark-dev@wireshark.org>
Sent: Wed, Jan 30, 2019 6:01 am
Subject: Re: [Wireshark-dev] What is best way to use other protocol 
subdissectors?



Date: Wed, 30 Jan 2019 09:42:30 +0000
From: Anders Broman <anders.bro...@ericsson.com>
To: Developer support list for Wireshark <wireshark-dev@wireshark.org>
Subject: Re: [Wireshark-dev] What is best way to use other protocol 
subdissectors?

Why do you need to add “fake "can.flags.xxx" to the list of protocol fields”?


I want wireshark to treat ACF-CAN submessages of IEEE1722 like any regular can 
message that is handled by packet-socketcan: decode payload and use the same 
filters. 



I think the reason for that is that you are adding hf variables to a protocol 
whose name is ieee1722 and in that case the expected format is

Ieee1722.can.flags.rtr. I guess you should register your sub protocol and name 
the hf’s accordingly but it’s hard to say with the information given.

Publish you code snippet?

 The example of such code can be seen in packet-caneth.c which is also a 
transport protocol for CAN messages over Ethernet. It defines "can.id" and 
other "can.xxx" hf in addition to its own "caneth.magic", "caneth.version", 
etc.Maksim Salau has already pointed me to the list of exceptions in "sub 
is_from_other_protocol_whitelist" in tools/checkfiltername.pl, but still I'm 
not sure whether it is the right way to do it.

It looks like there is a flaw in wireshark's CAN support which is at the moment 
not abstract and is bound to the Linux-specific SocketCAN driver implementation.
Best regards,Dmitriy Linikov.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Reply via email to