Wireshark-dev: Re: [Wireshark-dev] Question regarding LTE RRC dissectors
From: "Jagadeesan, Viswanathan" <vjagadee@xxxxxxxxxxxxxxxx>
Date: Wed, 2 Dec 2015 23:06:23 +0000

Hi Pascal,

As I know, Wireshark calls the RRC dissector if the packet has an RRC payload of MAC->RLC->PDCP; otherwise it wouldn't invoke it. We need something like Ethernet MAC + IP + UDP + LTE RRC instead of Ethernet MAC + IP + UDP + MAC + RLC + PDCP + RRC.

Any suggestions?

Thanks,
Viswa

From: Pascal Quantin [mailto:pascal.quantin@xxxxxxxxx]
Sent: Wednesday, December 02, 2015 5:46 PM
To: Jagadeesan, Viswanathan
Cc: wireshark-dev@xxxxxxxxxxxxx
Subject: Re: Question regarding LTE RRC dissectors

2015-12-02 23:36 GMT+01:00 Jagadeesan, Viswanathan <vjagadee@xxxxxxxxxxxxxxxx>:

From: Jagadeesan, Viswanathan
Sent: Wednesday, December 02, 2015 5:35 PM
To: 'pascal.quantin@xxxxxxxxx'
Subject: Question regarding LTE RRC dissectors

Hi

A follow-up question: the dissector DLL for RRC is created successfully, but when it loads in Wireshark, it throws an error: "The procedure entry point dissect_lpp_Ellipsoid_Point_PDU could not be located in the dynamic link libwireshark.dll "

Any suggestions?

Hi,

As explained in your question on ask.wireshark.org (https://ask.wireshark.org/questions/48152/lte-rrc-dissector-linker-issue), this symbol is not exported by Wireshark. So your plugin will not work with a standard Wireshark version.

You have not explained yet why you are trying to duplicate the already existing LTE RRC dissector. If your changes are intrusive enough to require accessing those functions, you should probably modify the source of the LTE RRC dissector directly and compile your own version of Wireshark, rather than making a plugin. Or you will need to copy / paste plenty of code into your own plugin, but that could collide with the embedded dissector.

But without knowing your own constraints, we cannot really confirm whether the choice to make a plugin was the best one or not.

Best regards,
Pascal.