Wireshark-dev: Re: [Wireshark-dev] Proposed change to packet-tcp (tcp_dissect_pdus)
From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Tue, 12 Sep 2006 07:44:52 +0000
Is it sufficient to know which tcp port the packet came from in order
to decide which protocol it is?

If so, you can get this info from the pinfo structure which is
available in the tcp_dissect_pdus() function but not passed to the
get_pdu_len() helper.


Two possibilities:
either you can add a pinfo structure as argument to the get_pdu_len() function
but that would change the signature and need a big patch to change all
its callers (maybe this is the correct solution)

optionally you can look at packet-ldap.c which has a similar problem.
packet-ldap.c  first detects whether SASL wrapping is present or not
and then calls either of two different tcp_dissect_pdus() with
different get_len/dissect_payload functions depending on whether the
payload is normal ldap or ldap wrapped inside sasl


you could solve this by
1, have one unique get_len/dissect_payload pair for each protocol that
is transported.
2, in the main dissector function, check pinfo for the ports that were
used in the tcp layer and then
call the appropriate tcp_dissect_pdus() function.

this is probably the easiest solution.


mvh
ronnie s





On 9/12/06, Peter Johansson <Peter.xc.Johansson@xxxxxxxxxxxx> wrote:
Hi!

I have come across a really old protocol on top of TCP that I want to
be able to decode using Wireshark. Unfortunately the protocol's header
is "polymorphic" and means different things depending on from which
source port the message is being sent. Hence the length of the PDU
cannot be computed looking at the protocol header alone.
To make it easier to implement desegmentation of this protocol on top of
TCP I would like to use the tcp_dissect_pdus(...) function in
packet-tcp, however with the information supplied in the callback to
packet-my_own_decoder_with_some_obscude_header I cannot determine the
PDU length. To do this properly I would require the packet_info
structure also being passed along in the call from packet-tcp's
tcp_dissect_pdus.
Would you approve of changing the interface to the function pointer
"guint (*get_pdu_len)(tvbuff_t *, int)" into "guint
(*get_pdu_len)(tvbuff_t *, int, packet_info*)" instead?

Please let me know and I will get on with the changes, supplying a list
of patches asap. Taking the current set of dissectors into account, I
would have to make changes to 66 dissectors in the current version.

/ Regards, Peter
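
The second approach in the reply above (one get_len function per header variant, selected in the main dissector from the TCP source port), shown as an added stand-alone C model; it is not code from this thread or from Wireshark. `buf_t`, `pktinfo_t` and `split_pdus()` are hypothetical stand-ins for `tvbuff_t`, `packet_info` and `tcp_dissect_pdus()`, and the 4-byte header layout, the two meanings of the length field and port 4000 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in types for this model; not Wireshark's tvbuff_t / packet_info. */
typedef struct { const uint8_t *data; size_t len; } buf_t;
typedef struct { uint16_t srcport; } pktinfo_t;
typedef size_t (*get_len_fn)(const buf_t *, size_t offset);

#define HDR_LEN 4        /* assumed header: 2 bytes type, 2 bytes length */
#define SERVER_PORT 4000 /* assumed port number */

static uint16_t be16(const buf_t *b, size_t off) {
    return (uint16_t)((b->data[off] << 8) | b->data[off + 1]);
}
/* Assumption: from the server, the field counts payload bytes only. */
static size_t get_len_server(const buf_t *b, size_t off) { return (size_t)HDR_LEN + be16(b, off + 2); }
/* Assumption: from the client, the same field is the total PDU length. */
static size_t get_len_client(const buf_t *b, size_t off) { return be16(b, off + 2); }

/* Model of the PDU loop. Returns the number of complete PDUs, or -1 on a
   bogus length; *need is the number of further bytes required (0 if none). */
static int split_pdus(const buf_t *b, get_len_fn get_len, size_t *need) {
    size_t off = 0; int count = 0;
    *need = 0;
    while (off < b->len) {
        if (b->len - off < HDR_LEN) { *need = HDR_LEN - (b->len - off); break; }
        size_t plen = get_len(b, off);
        if (plen < HDR_LEN) return -1;  /* untrusted length would stall the loop */
        if (plen > b->len - off) { *need = plen - (b->len - off); break; }
        /* the matching dissect_payload function would be called here */
        off += plen; count++;
    }
    return count;
}

/* Main dissector: pick the get_len function from the TCP source port. */
static int dissect_stream(const buf_t *b, const pktinfo_t *pi, size_t *need) {
    return split_pdus(b, pi->srcport == SERVER_PORT ? get_len_server : get_len_client, need);
}

int main(void) {
    const uint8_t s[] = {0, 1, 0, 2, 0xaa, 0xbb, 0, 2, 0, 0}; /* constructed bytes */
    buf_t b = { s, sizeof s };
    pktinfo_t srv = { SERVER_PORT }, cli = { 51000 };
    size_t need;
    printf("as server: %d PDUs\n", dissect_stream(&b, &srv, &need));
    printf("as client: %d PDUs\n", dissect_stream(&b, &cli, &need));
    return 0;
}
```

The same bytes split into two PDUs when read with the server's get_len function and are rejected when read with the client's, which is why the choice has to be made from the port before the length callback runs.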