Wireshark-dev: Re: [Wireshark-dev] How to get calling dissector
From: Uli Heilmeier <zeugs@xxxxxxxxxxxx>
Date: Tue, 30 Jan 2018 19:34:12 +0100
Thanks for your idea. It's exactly the way Michael did it with his improvement for my patch:
https://code.wireshark.org/review/#/c/25509/

On 29.01.18 at 21:01, Shai Shapira wrote:
> I believe there's another possible approach here:
> Register the dissector once with proto_register_protocol (as usual), which assumes the caller is TCP,
> register another dissection function (for SMP) using create_dissector_handle_with_name called something like "smp.tds",
> then look for this name when retrieving the dissector handle in the TDS dissector.
> 
> This means you should have 2 'entry point' functions to your dissector (usually there's only one dissect_PROTO).
> This way by writing different dissection/payload handling code in those two functions you can react differently to
> different calling protocols (TCP calls will trigger the first function, TDS will trigger the second, etc.)
> 
> 
> 2018-01-29 21:26 GMT+02:00 Uli Heilmeier <zeugs@xxxxxxxxxxxx>:
> 
>     Thanks a lot Roland.
> 
>     Now that I know what to look for packet-sip.c gives a nice example.
> 
>     Cheers
>     Uli
> 
>     On 29.01.18 at 18:03, Roland Knall wrote:
>     > Short answer: packet_info->layers should get you the list of protocols called before yours. If you iterate, you should
>     > see the other protocols before yours. In packet.c:754 you see the code adding to the list. 
>     >
>     > Not sure though, how stable that interface is. It is pretty in-depth for span, so you should be safe to use it, but not
>     > sure if it is official, or if there is another way.
>     >
>     > cheers
>     > Roland
>     >
>     > On Sun, Jan 28, 2018 at 10:59 PM, Uli Heilmeier <uh@xxxxxxxxxxxx> wrote:
>     >
>     >     Hi all,
>     >
>     >     TL;DR:
>     >     How does a dissector know which dissector called it?
>     >