THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Dissector: register a name for a ethertype

I am making a new dissector, that is triggered on an specific ethertype. I register it like this:

```c

static dissector_handle_t foo_handle;

foo_handle = create_dissector_handle(dissect_foo_sos, proto_foo_sos);
dissector_add_uint("ethertype", FOO_PROTO_ETHERTYPE, foo_handle);

```

The dissector works great, but when browsing the capture, the llc.type type corresponding to the ethertype I am parsing, is shown as Type: Unknown (0x1234).

Is there a way to register a protocol name for this specific ethertype?

doragasu's avatar
1
doragasu
asked 2021-09-03 12:01:25 +0000, updated 2021-09-06 06:27:04 +0000
edit flag offensive 0 remove flag close merge delete

Comments

Is that really your code? The "foo"s and the "wiyo"s don't seem to match up.

See the end of packet-aarp.c for a simple example.

Chuckc's avatar Chuckc (2021-09-03 14:57:16 +0000) edit
more
  • delete

No, sorry, I have corrected it.

doragasu's avatar doragasu (2021-09-06 06:27:19 +0000) edit
more
  • delete
add a comment see more comments

2 Answers

0

A quick dig around seems to indicate that you need to go for the source code. I found the ethertypes listed in an include file but no reference to a config file to add your own.

hugo.vanderkooij's avatar
76
hugo.vanderkooij
answered 2021-09-03 12:52:20 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Too bad there is not an interface for plugins. Thanks!

doragasu's avatar doragasu (2021-09-06 06:29:13 +0000) edit
more
  • delete
add a comment see more comments
0

You'd have to modify the etype_vals[] table in epan/dissectors/packet-ethertype.c and recompile Wireshark; unfortunately, there's currently no way for code outside Wireshark to add entries to that table.

Guy Harris's avatar
19.9k
Guy Harris
answered 2021-09-03 20:51:12 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Oh, that's unfortunate I cannot do it inside the dissector plugin. Thanks for digging into it!

doragasu's avatar doragasu (2021-09-06 06:28:55 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer