This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

HomePlug AV Unkown Types 0x606e , 0x606f, 0X607c …

0

Is there anyway I can add names to these fields in the types or modify the info column object of the homeplug av protocol by accessing these fields?

I want to know if it is possible to write a post dissector which only modifies the unknown types and other required fields by keeping all other fields of homeplug AV.

asked 06 Oct '17, 12:32

golthitatun's gravatar image

golthitatun
11225
accept rate: 0%


One Answer:

0

A post-dissector cannot modify any fields of the dissection tree already contributed by standard dissectors, but it can append text to the pinfo.cols.info (and most likely even rewrite it completely).

Unlike some other dissectors, the HomePlug-AV one does not seem to be plugin-ready in terms that it would use a dissector table with homeplug_av.mmhdr.mmtype values as keys to refer to sub-dissectors.

However, if just appending/replacing text in the info column is not sufficient for you and you don't want to touch the existing homeplug_av dissector, you may create your own dissector, handling only your additional mmtypes, and invoke the standard dissector for all the other ones. This approach requires that you duplicate the header parsing part of the standard dissector (MAC Management Header, Vendor MME) but that's not a big deal. I've seen this approach to be called "chained dissectors".

To insert your own dissector in front of the standard one:

  • in the initialization part of it, you would copy the link to the standard dissector from the ethertype dissection table into your dissector's local variable and replace it with a link to your own dissector's executive part
  • the executive part of your dissector would first check the mmtype, and if it wouldn't be one of those it can handle, it would call the standard one stored in the variable, forwarding all its input parameters unchanged and returning the return value unchanged as well.

In your own dissector you can use exactly the same field names which the standard dissector uses, so the display filters on fields like homeplug_av.vendor.oui or homeplug_av.mmhdr.mmver will work also on frames dissected by your custom dissector.

answered 08 Oct '17, 01:38

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

edited 08 Oct '17, 11:00

Hi thank you, I am new to writing dissectors, can you please share any example code if you have anything related to this.

(09 Oct '17, 06:39) golthitatun

The first question here is: Lua or C++? I never took the effort to roll out a C++ development environment so cannot give any relevant advice.

(09 Oct '17, 06:41) sindy

I am writing in Lua.

(09 Oct '17, 06:52) golthitatun

As you say "I am writing", I suppose you only need help with some particular moment (like how to create the dissector chain)? Or you write in Lua in general but never wrote a dissector before? Have you already been here?

(09 Oct '17, 07:11) sindy