On Sat, 19 Nov 2005, Ulf Lamping wrote:
> fabio matturro wrote:
>
> > Hello,
> > I am a first timers at developing plugins, then - please - be
> > indulgent : )
> > I would like to dissect a UDP-based protocol. As far as I've
> > understood, this protocol doesn't always connect to the same port
> > (neverthless the master uses a range of ports starting from 1025, its
> > slaves from about 32000).
> > I have started reading README.developer and other stuff and it
> > suggests, as a very first step, to write a useless dissector which
> > simply labels the protocol.
> > In order to do this it initializes:
> >
> > static int global_foo_port = 1234;
> >
> > and lines further:
> >
> > disector.add ("udp.port", global_foo_port, foo_handle);
> >
> > Here's the problem
> >
> > Since there's no predetermined ports how can I initialize the
> > dissector for this protocol?
> > [I've read something about "conversion", not very thoroughly, though.
> > Could it be the answer to my problems :D?]
>
> As I'm not an expert on this, only a little help:
>
> The "conversation" is about the grouping of several packets into a
> conversation. This is useful if relationships between packets are
> interesting, e.g. to calculate the time between two packets.
>
> IMO what you are looking for is heuristic. This way the lower layer
> dissector will ask several upper layer dissectors "do you think this
> packet is for you?". The upper layer dissector will try to see if some
> characteristics are fulfilled (usually the first few bytes will follow a
> protocol specific pattern).
>
> As I don't have much knowledge on this topic, you may read
> README.developer, the Developer Guide and, of course, the source code of
> some UDP based dissectors...
>
> Regards, ULFL
>
Yeah, you need to use something like this
void
proto_reg_handoff_PROTOCOL(void)
{
/*
* Register the dissector as a heuristic dissector for UDP traffic.
*/
heur_dissector_add("udp", dissect_PROTOCOL, proto_PROTOCOL);
}
Thanx,
Jaap
