> Am I correct in saying that heuristic dissectors can be used with Sun/ONC
> RPC programs that do not use a standard (fixed) port?
If you restate it as
ONC RPC programs should register themselves with the ONC RPC
dissector, which is *itself* a heuristic dissector
then the statement is correct.
In fact, *NO* RPC programs are assigned to fixed ports in Ethereal, not
even the portmapper/rpcbind or NFS; the ONC RPC dissector, which
dissects the ONC RPC protocol, is, as indicated, itself a heuristic
dissector - see "packet-rpc.c" - and all dissectors for ONC RPC-based
protocols, i.e.:
BOOTPARAM packet-bootparams.c
MOUNT packet-mount.c
NFS packet-nfs.c
NLM packet-nlm.c
portmapper/RPCBIND packet-portmap.c
STATD packet-stat.c
YPBIND packet-ypbind.c
YPSERV packet-ypserv.c
YPXFR packet-ypxfr.c
register themselves with the RPC dissector.
> My problem is that I wish to write a dissector for 'hclnfsd' (a
> pcnfsd-like daemon from Hummingbird Ltd- my employer), but aside from
> using a standard RPC program number, it's port is dynamic.
*ALL* ONC RPC services are on dynamic ports, with the exception of the
portmapper/RPCBIND and NFS (and one could conceivably run NFS on a port
other than 2049 and break only
1) people trying to use it through a firewall;
2) clients that don't bother asking the server's portmapper for
the port or asking its RPCBIND for the transport-layer
address).
> I poked through the code in 'epan/packet.c' and 'packet-udp.c'
> for 0.8.13,
Poke through the code in, say, "packet-nlm.c" instead - in particular,
the tables of program numbers, names, and dissectors, such as
"nlm1_proc[]", "nlm2_proc[]", "nlm3_proc[]", and "nlm4_proc[]", and the
handoff registration routine at the end of "packet-nlm.c":
void
proto_reg_handoff_nlm(void)
{
/* Register the protocol as RPC */
rpc_init_prog(proto_nlm, NLM_PROGRAM, ett_nlm);
/* Register the procedure tables */
rpc_init_proc_table(NLM_PROGRAM, 1, nlm1_proc);
rpc_init_proc_table(NLM_PROGRAM, 2, nlm2_proc);
rpc_init_proc_table(NLM_PROGRAM, 3, nlm3_proc);
rpc_init_proc_table(NLM_PROGRAM, 4, nlm4_proc);
}
which registers NLM as an RPC protocol.
"packet-udp.c" is definitely the wrong place for an RPC-based protocol
to plug into, as
1) ONC RPC programs can run over TCP (even if your particular
program doesn't happen to be run over TCP) and potentially
other protocols as well (one could plug the ONC RPC dissector
into the ISO transport protocol dissectors, for example);
2) disssectors for ONC RPC programs shouldn't have to dissect
the ONC RPC call and reply headers themselves - they're the
same for all ONC RPC-based protocols, so they should be
handled by common code, namely "dissect_rpc()" in
"packet-rpc.c".
