This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can I pass arguments to a sub-dissector?

0

I've written a dissector that takes various UDP ports and dissects their packets. Now I'm writing a subdissector that my dissector calls based on an id value that it decodes. I have the subdissector registering for a range of ids (ex 600-700), however, I'm not sure of the best way to pass that id value to the subdissector. Any suggestions?

Additional information: I parse about 4 different items in the dissector before I pass to the sub. If the id was last I would just move my offset back when I make this call:

next_tvb = tvb_new_subset_remaining(tvb, offset);

however the id is the first of the 4 values and I don't want the subdissector to have to grab the id and then cleanup the other values on its own. I'm looking for a cleaner way to do this.

A similar but related problem would be how my top dissector could figure out which of the several UDP ports it's registered for was actually the reason it was called.

asked 26 Jan '12, 11:26

simply_blue
6225
accept rate: 100%

edited 26 Jan '12, 13:19

multipleinte...
1.3k152340

(26 Jan '12, 13:18) multipleinte...

I don't think conversations will help because I only want to pass this data per packet.

(26 Jan '12, 13:42) simply_blue

2 Answers:

0

I think I have found a solution that will solve my problem.

A lot of grepping and a re-read of the README.developer led me to the private-data field of the packet-info struct. Since I already pass pinfo to the sub-dissector, this method should store my id value per packet. If I end up with more arguments that I want to keep with the packet I'll just define my own struct in a header and include it in the dissector and sub-dissector and cast the void pointer properly on either side.

The code builds but I haven't had a chance to test it yet.

answered 26 Jan '12, 13:46

simply_blue
6225
accept rate: 100%

edited 26 Jan '12, 13:47
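
The private-data approach from the answer above, as an added example that is not part of the original post and is not Wireshark code. The two typedefs are stand-ins for the real Wireshark types, and the `sub_args_t` struct, its `hdr_len` field, and the 8-byte header layout are assumptions. It shows the two details the pattern needs: the sub-dissector checks the pointer before casting, and the parent restores the field before its stack-allocated struct goes out of scope.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the Wireshark types (assumption: only the fields used here). */
typedef struct { const uint8_t *data; size_t len; } tvbuff_t;
typedef struct { void *private_data; } packet_info;

/* Shared header: per-packet arguments both dissectors agree on (hypothetical). */
typedef struct {
    uint16_t id;       /* id the parent decoded */
    uint16_t hdr_len;  /* bytes the parent already consumed */
} sub_args_t;

/* Sub-dissector: returns the id it was handed, or -1 if none was passed. */
int dissect_sub(tvbuff_t *tvb, packet_info *pinfo)
{
    const sub_args_t *args = (const sub_args_t *)pinfo->private_data;
    (void)tvb;                    /* payload is not needed for this demonstration */
    if (args == NULL)
        return -1;                /* called without the parent's arguments */
    return args->id;
}

/* Parent: assumed layout is four 16-bit big-endian fields, id first. */
int dissect_parent(tvbuff_t *tvb, packet_info *pinfo)
{
    enum { HDR_LEN = 8 };
    if (tvb->len < HDR_LEN)
        return -1;                /* truncated packet: nothing to hand on */
    sub_args_t args = { (uint16_t)((tvb->data[0] << 8) | tvb->data[1]), HDR_LEN };
    if (args.id < 600 || args.id > 700)
        return -1;                /* outside the range the sub registered for */
    tvbuff_t next = { tvb->data + HDR_LEN, tvb->len - HDR_LEN };
    void *saved = pinfo->private_data;
    pinfo->private_data = &args;  /* args is on this stack frame ... */
    int rc = dissect_sub(&next, pinfo);
    pinfo->private_data = saved;  /* ... so restore before it goes out of scope */
    return rc;
}

int main(void)
{
    /* Constructed packet: id 650 (0x028A), three other fields, one payload byte. */
    const uint8_t pkt[] = { 0x02, 0x8A, 0, 1, 0, 2, 0, 3, 0xAA };
    tvbuff_t tvb = { pkt, sizeof pkt };
    packet_info pinfo = { NULL };
    printf("sub-dissector saw id %d\n", dissect_parent(&tvb, &pinfo));
    return 0;
}
```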

0

I found it here https://www.wireshark.org/lists/wireshark-dev/200911/msg00203.html

-- Take the bytes from offset 50 onward as a new Tvb and pass it to the sub-dissector
newtvb = tvbuffer(50):tvb()
next_dissector:call( newtvb, pinfo, treeitem )

Sorry, it is not an answer to your question. This Lua snippet describes sub-dissector calling.

answered 18 Nov '14, 03:25

hexum
112
accept rate: 0%

edited 18 Nov '14, 03:29