Ask Your Question
0

Proprietary CAN dissector - dissector is never called

asked 2017-12-21 16:05:53 +0000

WireOctopus gravatar image

updated 2017-12-21 20:12:47 +0000

Guy Harris gravatar image

Dear Sharks!

Im able to build wireshark from source and register a proprietary CAN dissector which are supposed to disect the payload from SocketCAN. Here is a code snippet from the SocketCAN source;

next_tvb = tvb_new_subset_length(tvb, CAN_DATA_OFFSET, frame_len);

/* Functionality for choosing subdissector is controlled through Decode As as CAN doesn't
   have a unique identifier to determine subdissector */
if (!dissector_try_uint_new(subdissector_table, 0, next_tvb, pinfo, tree, TRUE, &can_id))
{
    call_data_dissector(next_tvb, pinfo, tree);
}

At the if statement in the call to dissector_try_uint_new im expecting wireshark to somehow call my proprietary disector based on me having made the correct register/handoff calls. However, this is not the case and using the debugger I can se that it allways runs in to the if statement and calls call_data_dissector instead.

Bellow I've posted the proprietary CAN dissector code, and I'm hoping you would give me clues to why my dissector is not called when wireshark is dissecting SocketCAN frames. I'm new to wireshark and all help are much appreciated, thank you.

Other info: Windows 64, branched from "wireshark-2.4.3"/"v2.4.3"/#368ba1e

/* Wireshark - Network traffic analyzer
* By Gerald Combs <[email protected]>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0+
*/

#include <config.h>

#if 0
/* "System" includes used only as needed */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
...
#endif

#include <epan/packet.h>   /* Should be first Wireshark include (other than config.h) */
#include <epan/expert.h>   /* Include only as needed */
#include <epan/prefs.h>    /* Include only as needed */
#include <epan/dissectors/packet-socketcan.h>
//#include <epan/range.h>    /* Include only as needed */

#if 0
/* IF AND ONLY IF your protocol dissector exposes code to other dissectors
* (which most dissectors don't need to do) then the 'public' prototypes and
* data structures can go in the header file packet-fooo_can.h. If not, then
* a header file is not needed at all and this #include statement can be
* removed. */
#include "packet-fooo_can.h"
#endif

/* Prototypes */
/* (Required to prevent [-Wmissing-prototypes] warnings */
void proto_reg_handoff_fooo_can(void);
void proto_register_fooo_can(void);

/* Initialize the protocol and registered fields */
static int proto_fooo_can = -1;
static int hf_fooo_can_fooo_can_field = -1;
static expert_field ei_fooo_can_EXPERTABBREV = EI_INIT;

/* Global sample preference ("controls" display of numbers) */
static gboolean pref_hex = FALSE;

/* Initialize the subtree pointers */
static gint ett_fooo_can = -1;

#define MAX_NEEDED_FOR_HEURISTICS 8
#define TEST_HEURISTICS_FAIL 1

/* Code to actually dissect the packets */
static int
dissect_fooo_can(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
    void *data _U_)
{//<----- This breakpoint is never hit
    g_debug("Here is my fooo can bus\n"); //Never printed

    struct can_identifier can_id;

    DISSECTOR_ASSERT(data);
    can_id = *((struct can_identifier*)data);

    return 0;
}

/* Register the protocol with Wireshark.
*
* This format is require because a script is used to build the C function that
* calls all the protocol registration.
*/
void
proto_register_fooo_can(void)
{//<----- First Breakpoint to be hit, happens once
    module_t        *fooo_can_module;
    expert_module_t *expert_fooo_can;

    /* Setup list of header fields  See Section 1.5 of README.dissector for
    * details. */
    static hf_register_info hf[] = {
        { &hf_fooo_can_fooo_can_field,
        { "BAR_FOOO_CAN_FIELD", "fooo_can.fooo_can_field",
        FT_BOOLEAN, BASE_HEX, NULL, 0,
        "FIELDDESCR", HFILL }
        }
    };

    /* Setup protocol subtree array */
    static gint *ett[] = {
        &ett_fooo_can
    };

    /* Setup protocol expert items ...
(more)
edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2017-12-21 20:17:56 +0000

Guy Harris gravatar image

You called dissector_add_for_decode_as(), which means you need to use the "Decode As..." menu item, or the -d command-line option, to indicate that CAN payloads should be handed to your dissector. There's no API to allow a dissector to force it to be the dissector used for CAN payloads, without the user explicitly indicating that through the command-line or the GUI.

edit flag offensive delete link more

Comments

Thank you for the clarification, much appreciated!

I'll just put this here as a quick reference for others:

GUI: right click on packet->decode as->field="CAN next level dissector"->current="BAR_FOOO_CAN"->ok
Command line: -dcan.subdissector==0,fooo_can
WireOctopus gravatar imageWireOctopus ( 2017-12-22 11:41:52 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2017-12-21 16:05:53 +0000

Seen: 1,336 times

Last updated: Dec 21 '17