Hi,
"Yeah, what he said."
About the configuration: he's right again. You better have a *very* good
reason why this has to be done with an XML file, since we already have too
many config/setting/definition/template files in the tree.
Thanx,
Jaap
Maynard, Chris wrote:
Try registering as a heuristic dissector to packet-eth:
“heur_dissector_add(“eth”, dissect_afdx, proto_afdx);”
When handed a frame, your heuristic dissector will scan the MAC to
determine if it’s a “special address” indicating that it’s for your
dissector. If so, process it and return true; otherwise return false so
packet-eth can continue processing and pass the packet to the
appropriate dissector.
Probably the easiest thing to do is to use a Wireshark preference
instead of an .xml file to set your address space.
- Chris
------------------------------------------------------------------------
*From:* wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] *On Behalf Of
*valentin.ecker@xxxxxxxxxx
*Sent:* Tuesday, March 25, 2008 8:52 AM
*To:* wireshark-dev@xxxxxxxxxxxxx
*Subject:* [Wireshark-dev] modifying the eth-dissector
Hi all,
I would like to write a new dissector for wireshark...but im stuck at
some points:
My protocol is based on the ARINC AFDX standard which is (more or less)
based on Ethernet II frames at layer 2. The difference to this frame
type is the MAC-Dest/Source-Address, where a certain address space is
defined in advance to recognize the AFDX frames. This ensures that any
COTS ethernet controller can ignore such type of frames, but special
devices (such as switches and controllers) recognize them. Anyway...i
think any other protocol details would go to far....
My Problem is the following now:
I have to inspect the MAC addresses and - if a special address is given
- foreward them to my own dissector which dissects further layers. The
most obvious thing for me would be to modify the "packet-eth" and branch
off there for the next layers (as it is already done with the Cisco ISL
frames).
What do you think?
Unfortunately i would prefer a plugin dll instead of compiling the whole
source. I think i would have to exchange the whole eth-dissector with my
own one residing in the plugin directory...would that be possible, or is
there a better solution?
Another problem is, that the address space is defined by a configuration
file (an XML File), and must be read at least at every startup of
wireshark. Where do you think would be a nice place in the wireshark
directory for such a file to be read? I was thinking of: "Read file if
there is one, otherwise handle AFDX Frames like Ethernet 2 ones".
Thanks a lot for your help!
Valentin
