how to use existing dissector in a new dissector inside a new plugin
I have created a new dissector for capturing CAN protocol inside a new plugin called myproto. I have used existing dissector "packet-socketcan.c" as a reference code to make my own customized dissector. I able to compile successfully but while running wireshark binary get aborted and an error like
"Duplicate protocol short_name "CAN"! This might be caused an inappropriate plugin or a development error"
I have changed this short_name into different name, then also the binary get aborted and throw an error like
packet.c: register_dissector_handle: assertion failed (g_hash_table_lookup(registered_dissectors, name) == NULL)
Please provide me a right solution to resolve this issue Or suggest me any other way to achieve this scenario.
Appreciate your response and thanks in advance for your valuable time.
As you've found you can't have two dissectors attempting to register the same name.
Are you attempting to completely replace the existing CAN dissector, or are you just "wrapping" it, e.g. headers and trailers and hoping to call it from your dissector?
Thank you for the reply.
We are working on custom CAN protocol. So we want to create a new plugin to handle our custom CAN frames. We want the default CAN dissector to be in place and our new plugin to work in parallel. Is it possible ? We have modified default CAN dissector and able to see it in wireshark(custom CAN frames are shown as we have formated) , but we don't want to change the default CAN dissector behavior and have a new plugin to handle it.
"work in parallel" how? On what do you base the selection of the use of the standard dissector vs your custom dissector?
Parallel means , If we select our plugin then our custom dissector will be in use and if our plugin is not enabled then standard dissector will be used. So according to our understanding when our plugin is enabled then received CAN frame won't go through the standard dissector and it will be redirected via our plugin, is it possible ?
Is this a complete replacement of the existing CAN dissector, or is it an CAN "application" protocol such as j1939 which is implemented as a subdissector for CAN?.
Our requirement is to dissect application protocol similar to j1939 (we use 11-bit header). We have already did this by modifying standard CAN dissector files. But we want to know what is the right approach for our requirement from the below : 1. Create a new plugin ? 2. Create a new subdissector ? 3. Modify CAN standard dissector ?
3 we have already done , if its 1 or 2 - then can you provide us with the steps to do it ?
Thank you for your help.
You might be able to use the method used by j1939, register in the can.subdissector table, and when a packet is handed to your dissection function, make the necessary heuristic checks to see if the data is for you. For example the j1939 dissector checks the can id passed into the dissector as the data parameter.
Thank you for your input. We will check the method used by j1939, meanwhile it would be helpful if you can provide some links which we can refer to create a subdissector.
Look at the source in packet-j1939.c. Basically when registering in
proto_reg_handoff_xxxusedissector_add_for_decode_as("can.subdissector", xxx_handle);Thank you for the help!