Wireshark-dev: [Wireshark-dev] Bypassing the first layer
From: Juanjo Martin Carrascosa <juanjo@xxxxxxx>
Date: Tue, 14 Jan 2020 16:31:51 +0100
Hi everyone,

RTPS is a protocol already supported by Wireshark. I have been helping maintain that protocol these past years. It sits on top of TCP and UDP, as well as some other transports that are not network ones (Shared Memory typically with a proprietary implementation).

We are currently working on implementing a new logging mechanism for our product, mainly to address the Shared Memory scenario, but it can also be really useful when RTPS is used on top of network protocols.

Problem: We can log the RTPS layer but we don't have some information in our middleware like the Frame or Ethernet information, so we need to make it up. This is ugly, so I am trying to avoid that:

How can I register a protocol so it is picked up instead of the Frame layer? That is, I want to create a new protocol that detects that the information we generate is for that protocol, so that the Frame protocol is not called but the new protocol I am creating is. This new protocol will then call the RTPS protocol to dissect the payload I want to display. We are also planning to add some information to this custom protocol; that's why I want it to be called first.

Note: I just came up with this solution, but if you have a different solution for this, please let me know.

Thanks,
Juanjo Martin