Wireshark-dev: [Wireshark-dev] Fw: modifying the eth-dissector
Hi there again!
I implemented my dissection for AFDX now with a heuristic_dissector (btw., is there any documentation that explains the differences between heuristic registration and "normal"?).
Now I want to give the payload of the LLC layer (= left data) to the IP-dissector by calling capture_ip() (I assume).
The problem now is that I have to supply the packet_count and the pd-pointer to capture_ip.
How can I get this value/pointer? (Out of tvbuf?) Or is there a better way?
Again, thanks a lot for your help!
Valentin
----- Forwarded by Valentin Ecker/TTTech on 31.03.2008 15:06 -----
Valentin Ecker/TTTech
25.03.2008 13:52
To: wireshark-dev@xxxxxxxxxxxxx
cc:
Subject: modifying the eth-dissector
Hi all,
I would like to write a new dissector for Wireshark... but I'm stuck at some points:
My protocol is based on the ARINC AFDX standard, which is (more or less) based on Ethernet II frames at layer 2. The difference to this frame type is the MAC dest/source address, where a certain address space is defined in advance to recognize the AFDX frames. This ensures that any COTS Ethernet controller can ignore such type of frames, but special devices (such as switches and controllers) recognize them. Anyway... I think any other protocol details would go too far....
My problem is the following now:
I have to inspect the MAC addresses and - if a special address is given - forward them to my own dissector, which dissects further layers. The most obvious thing for me would be to modify the "packet-eth" and branch off there for the next layers (as it is already done with the Cisco ISL frames).
What do you think?
Unfortunately, I would prefer a plugin DLL instead of compiling the whole source. I think I would have to exchange the whole eth-dissector with my own one residing in the plugin directory... would that be possible, or is there a better solution?
Another problem is that the address space is defined by a configuration file (an XML file), and must be read at least at every startup of Wireshark. Where do you think would be a nice place in the Wireshark directory for such a file to be read? I was thinking of: "Read file if there is one, otherwise handle AFDX frames like Ethernet 2 ones".
Thanks a lot for your help!
Valentin