This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Dissector for CAN protocol

0

Hello i've got an application protocol over CAN called CANSU. I want to write a custom dissector for it.

i'm trying to handle all CAN packets like this:

void proto_reg_handoff_cansu(void)
{
    static dissector_handle_t cansu_handle;
    cansu_handle = new_create_dissector_handle(dissect_cansu, proto_cansu);
    dissector_add_for_decode_as("can",cansu_handle);
}

but after wireshark starting i've got message:

OOPS: dissector table "can" doesn't exist    
Protocol being registered is "CANSU Protocol"

How can i capture whole can protocol for analyzing and processing?

asked 29 Nov '15, 23:15

qmor's gravatar image

qmor
6224
accept rate: 0%

One Answer:

0

The socket CAN dissector has a table named "can.subdissector" that allows other dissectors to register for CAN subdissection, maybe that's what you need.

answered 29 Nov '15, 23:25

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

have tried, but

OOPS: dissector table "can.subdissector" doesn't exist

(29 Nov '15, 23:48) qmor

What version are you building with?

(30 Nov '15, 01:28) grahamb ♦

i guess 2.1.0

(30 Nov '15, 01:57) qmor

So apparently the master branch. The table does exist in my copy of master (updated 10 minutes ago) and is used by several other dissectors.

I just rebuilt the dissectors concerned, and running the build did not generate that error message.

What OS and build mechanism (CMake, autotools or nmake) are you building on?

Have you tried the equivalent of a make dist-clean?

(30 Nov '15, 03:28) grahamb ♦

i've cloned git repository 4 days ago and used cmake to build project. I've see thea source code contains "can.subdissector" table. Is using of dissector_add_for_decode_as are correct?

(30 Nov '15, 07:44) qmor

can.subdissector has been around since Mar 18.

dissector_add_for_decode_as is used by the other can subdissectors.

Looking at your code fragment, you don't need to make cansu_handle static, but I don't think that's the cause of your problem.

Are you building your dissector as a plugin or a "built-in"?

(30 Nov '15, 08:12) grahamb ♦

I'm so sorry. I've used new wireshark source to build plugin and then just copied it to already installed older wireshark version. For now i've build full wireshark and installed it to /tmp directory. For now i've got another problem - "No interfaces found". I've copied dumpcap locally to /tmp/bin directory and give all right that it need.

(30 Nov '15, 23:12) qmor

I think the can.subdissector table is only in 2.x, so the plugin won't work on 1.2.x or older. To support your dissector on 1.12.x you'll need to build that version, modifying packet-socketcan to add a preference to allow your dissector to be used, then distribute the 1.12.x build you've made.

For your other problem you'll need to create a separate question.

(01 Dec '15, 02:04) grahamb ♦
showing 5 of 8 show 3 more comments