Wireshark-dev: Re: [Wireshark-dev] Question regarding LTE RRC dissectors
From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Thu, 3 Dec 2015 00:14:09 +0100


On 3 Dec 2015 12:06 AM, "Jagadeesan, Viswanathan" <vjagadee@xxxxxxxxxxxxxxxx> wrote:
>
> Hi Pascal
>
> As we know, Wireshark calls the RRC dissector if the packet has an RRC payload of MAC->RLC->PDCP; otherwise it wouldn't invoke it. We need something like
>
> Ethernet MAC + IP + UDP + LTE RRC instead of Ethernet MAC + IP + UDP + MAC + RLC + PDCP + RRC.

So you are definitely taking the wrong approach.
You could create a custom plugin registering on a given UDP port that would extract from the UDP payload some metadata identifying the LTE RRC channel and the message payload, then call the right dissector. All are registered by name (as seen in packet-lte-rrc.c) and can be called from a plugin.
You should not try to duplicate LTE RRC code.

>
> Any suggestions.
>
> Thanks, Viswa
>
> From: Pascal Quantin [mailto:pascal.quantin@xxxxxxxxx]
> Sent: Wednesday, December 02, 2015 5:46 PM
> To: Jagadeesan, Viswanathan
> Cc: wireshark-dev@xxxxxxxxxxxxx
> Subject: Re: Question regarding LTE RRC dissectors
>
> 2015-12-02 23:36 GMT+01:00 Jagadeesan, Viswanathan <vjagadee@xxxxxxxxxxxxxxxx>:
>>
>> From: Jagadeesan, Viswanathan
>> Sent: Wednesday, December 02, 2015 5:35 PM
>> To: 'pascal.quantin@xxxxxxxxx'
>> Subject: Question regarding LTE RRC dissectors
>>
>> Hi
>>
>> Follow-up question: it does the creation of the dissector DLL for RRC successfully; when it loads on Wireshark, it throws an error: "The procedure entry point dissect_lpp_Ellipsoid_Point_PDU could not be located in the dynamic link libwireshark.dll "
>>
>> Any suggestions.
>
>  
>
> Hi,
>
> as explained in your question on ask.wireshark.org (https://ask.wireshark.org/questions/48152/lte-rrc-dissector-linker-issue) this symbol is not exported by Wireshark. So your plugin will not work with a standard Wireshark version.
>
> You have not explained yet why you try to duplicate the already existing LTE RRC dissector. If your changes are intrusive enough to require accessing those functions, you should probably modify the source of the LTE RRC dissector directly and compile your own version of Wireshark, rather than making a plugin. Or you will need to copy / paste plenty of code in your own plugin, but that could collide with the embedded dissector.
>
> But without knowing your own constraints, we cannot really confirm whether the choice to make a plugin was the best one or not.
>
>  
>
> Best regards,
>
> Pascal.
>
>
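
The approach described in the reply above (register on a UDP port, read the channel metadata, hand the payload to the existing LTE RRC dissector by name), sketched as a Wireshark Lua script. This is an added example, not code from the thread or from Wireshark. The one-byte channel header, UDP port 9999 and the channel numbering are assumptions for illustration; the dissector names are the ones registered in packet-lte-rrc.c around the time of the thread and should be checked against the Wireshark version in use.

```lua
-- Hypothetical framing (assumption): byte 0 = channel id, bytes 1.. = LTE RRC PDU.
local p_rrcudp = Proto("rrcudp", "LTE RRC over UDP (example framing)")
local f_chan = ProtoField.uint8("rrcudp.channel", "Channel id", base.DEC)
p_rrcudp.fields = { f_chan }

-- Channel id -> name of the dissector registered by the built-in LTE RRC code.
-- The numbering is invented for this example; verify the names in packet-lte-rrc.c.
local CHANNELS = {
  [0] = "lte_rrc.bcch_bch",
  [1] = "lte_rrc.bcch_dl_sch",
  [2] = "lte_rrc.pcch",
  [3] = "lte_rrc.dl_ccch",
  [4] = "lte_rrc.ul_ccch",
  [5] = "lte_rrc.dl_dcch",
  [6] = "lte_rrc.ul_dcch",
}

-- Look each handle up once; pcall covers builds where a missing name raises an error.
local handles = {}
local function rrc_handle(name)
  if handles[name] == nil then
    local ok, h = pcall(Dissector.get, name)
    handles[name] = (ok and h) or false
  end
  return handles[name]
end

function p_rrcudp.dissector(tvb, pinfo, tree)
  if tvb:len() < 2 then return 0 end           -- need the header plus at least one PDU byte
  local chan = tvb(0, 1):uint()
  local sub = tree:add(p_rrcudp, tvb(0, 1))
  sub:add(f_chan, tvb(0, 1))

  local payload = tvb(1):tvb()                 -- everything after the channel byte
  local name = CHANNELS[chan]
  local h = name and rrc_handle(name)
  if h then
    h:call(payload, pinfo, tree)               -- reuse the existing LTE RRC dissector
  else
    sub:add_expert_info(PI_UNDECODED, PI_WARN,
      "Unknown channel id or LTE RRC dissector not found")
    Dissector.get("data"):call(payload, pinfo, tree)
  end
  return tvb:len()
end

-- Port 9999 is a placeholder (assumption); use the port the capture actually carries.
DissectorTable.get("udp.port"):add(9999, p_rrcudp)
```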