Wireshark · Wireshark-dev: Re: [Wireshark-dev] How to register a dissector for a specific traffic type?

Wireshark-dev: Re: [Wireshark-dev] How to register a dissector for a specific traffic type?

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Tue, 20 Nov 2007 13:06:58 -0800

Yves Geissbühler wrote:

I have several protocols running on top of each other: TCP > MPA (RFC5044) > [DDP (RFC 5042) | RDMAP (RFC 5040)].
Currently, I am calling my DDP/RDMAP dissector as a subdissector frommy MPA dissector. Because my DDP/RDMAP dissector could also be usedon top of SCTP (replacing TCP and MPA) calling it as a subdissectorfrom my MPA dissector does not seem to be the right solution anymore.It would make more sense if my DDP/RDMAP dissector would get calledwhenever there is MPA or SCTP traffic. So I would like to register myDDP/RDMAP dissector for these to types of traffic.

I don't think you want to have your dissector be the *only* dissectorfor the payload of SCTP traffic - that'd prevent the dissection of anyother protocol atop SCTP.

Therefore, there needs to be some way to arrange that only *some* SCTPtraffic be treated as DDP traffic.


There are a couple of ways of doing that:

1) have your dissector register with the SCTP dissector to be calledfor particular SCTP port or PPI values (if there's a fixed value, usethat, otherwise make the value a preference);


	2) have your dissector be a heuristic dissector.

In which manner do I have to return (in the proto_reg_handoff_mpa()?)from my MPA dissector such that a call to heur_dissector_add("mpa",dissect_ddp_rdmap, proto_ddp_rdmap) in my DDP/RDMAP dissector wouldwork?

If this is DDP over SCTP, with no MPA involved (MPA appears to existbecause TCP is byte-stream-oriented rather than packet-oriented; SCTP ispacket-oriented so that's not an issue), the MPA dissector wouldn't beinvolved at all.

If the DDP dissector registers for a specific SCTP port or PPI, youwould call


	dissector_add("sctp.port", {port number}, {handle for DDP dissector});

or

	dissector_add("sctp.ppi", {PPI number}, {handle for DDP dissector});

in proto_reg_handoff_ddp().

If the DDP dissector is heuristic - which I infer from "such that a callto heur_dissector_add("mpa", dissect_ddp_rdmap, proto_ddp_rdmap) in myDDP/RDMAP dissector would work?" that it is - you would call


	heur_dissector_add("sctp", dissect_ddp_rdmap, proto_ddp_rdmap);

in proto_reg_handoff_ddp().

Follow-Ups:
- Re: [Wireshark-dev] How to register a dissector for a specific traffic type?
  - From: Anders Broman

References:
- [Wireshark-dev] How to register a dissector for a specific traffic type?
  - From: Yves Geissbühler

Prev by Date: Re: [Wireshark-dev] Extending wireshark's capture capabilities
Next by Date: Re: [Wireshark-dev] proto_filter_names hash collision
Previous by thread: [Wireshark-dev] How to register a dissector for a specific traffic type?
Next by thread: Re: [Wireshark-dev] How to register a dissector for a specific traffic type?
Index(es):
- Date
- Thread