Ethereal-dev: Re: [Ethereal-dev] dissector newbie needs some guidance..
Kelly Byrd said:
> DAAP uses HTTP as a transport (on port 3689), the body of the
> requests and responses are not plain text, but a simple tagged
> format: 4 char tagname, followed by a 4-byte length, then "length"
> bytes of data. Some tags are containers, whose data portion is other
> tags of the same format. DAAP messages will span segments, and
> responses are often gzip encoded. There are a few specs around, and I'm
> comfortable with code that deals with the format.
>
> How should I register my dissector? I looked at packet-ipp, which
> registers as a sub-dissector of http. I also looked at packet-text-media
> which appears to be a system of registering dissectors as mime types,
> like packet-gif (the content-type header for DAAP is
> application/x-dmap-tagged).
packet-text-media.c *uses* the system for registering dissectors as media
types; it doesn't *implement* that system. The system is implemented in
packet-http.c and in other dissectors using its "media_type" dissector
table.
> Which do I use? What are the advantages of each method,
Advantages of registering by media type:

    You get called regardless of the port the traffic is using, so you're
    not tied to specific port numbers.

    You get called by *any* dissector that supports the "media_type"
    dissector table - the HTTP dissector isn't the only one that uses it.

Disadvantages of registering by media type:

    If the protocol doesn't use a port number for which a dissector using
    the "media_type" dissector table is called, your dissector won't get
    called, either.

It looks as if DAAP should register by port number rather than media type,
as it doesn't use a standard HTTP port number, but *does* have a port
number it uses, and doesn't use anything other than HTTP as a transport.
> When I register as a http sub-dissector, where is the tvbuff passed to
> me pointing, at the start of the body?
Yes.
> Is there any way to get the URL used for a request message
> (I may not need it, so it's not a deal-breaker, if one method doesn't
> allow it).
No. The HTTP dissector could be modified to supply that *if* it's necessary.
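
As an added example (not part of the original thread and not Ethereal code), here is a bounds-checked walk over the tagged format described in the quoted question, showing the length validation a dissector for it needs before trusting a tag's length field. It assumes a reassembled, already-decompressed body, big-endian length fields, and an illustrative container list (`msrv`, `mlcl`, `mlit`); `dmap_count_tags` and `DMAP_MAX_DEPTH` are names made up for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DMAP_MAX_DEPTH 16   /* assumed cap: bounds recursion on hostile nesting */

/* Assumed container tags, for illustration; take the real list from a DAAP spec. */
static int dmap_is_container(const uint8_t *tag)
{
    static const char *const containers[] = { "msrv", "mlcl", "mlit" };
    for (size_t i = 0; i < sizeof containers / sizeof containers[0]; i++)
        if (memcmp(tag, containers[i], 4) == 0)
            return 1;
    return 0;
}

/* Walks buf[0..len) and returns the number of tags seen, nested ones
 * included, or -1 if any header or length field is inconsistent. */
int dmap_count_tags(const uint8_t *buf, size_t len, int depth)
{
    int count = 0;
    size_t off = 0;
    if (depth > DMAP_MAX_DEPTH)
        return -1;
    while (off < len) {
        if (len - off < 8)              /* truncated 4-char tag + 4-byte length */
            return -1;
        const uint8_t *tag = buf + off;
        uint32_t dlen = ((uint32_t)tag[4] << 24) | ((uint32_t)tag[5] << 16) |
                        ((uint32_t)tag[6] << 8)  |  (uint32_t)tag[7];
        off += 8;
        if (dlen > len - off)           /* claimed length exceeds remaining bytes */
            return -1;
        count++;
        if (dmap_is_container(tag)) {   /* data portion is more tags: recurse */
            int inner = dmap_count_tags(buf + off, dlen, depth + 1);
            if (inner < 0)
                return -1;
            count += inner;
        }
        off += dlen;
    }
    return count;
}

/* Constructed sample: container "msrv" (12 bytes) holding "mstt" with value 200. */
static const uint8_t dmap_sample[] = { 'm','s','r','v', 0,0,0,12,
                                       'm','s','t','t', 0,0,0,4, 0,0,0,200 };
/* Constructed malformed sample: length claims 255 bytes, only 1 follows. */
static const uint8_t dmap_bad[] = { 'm','i','n','m', 0,0,0,255, 'x' };

int main(void)
{
    printf("sample: %d\n", dmap_count_tags(dmap_sample, sizeof dmap_sample, 0));
    printf("bad:    %d\n", dmap_count_tags(dmap_bad, sizeof dmap_bad, 0));
    return 0;
}
```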