Wireshark · Ethereal-dev: [PATCH] packet-snmp.c (was: Re: [Ethereal-dev] dissector port clash (e.g. SNMP vs. TFTP))

Ethereal-dev: [PATCH] packet-snmp.c (was: Re: [Ethereal-dev] dissector port clash (e.g. SNMP v

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Thomas Anders <thomas.anders@xxxxxxxxxxxxx>

Date: Wed, 12 May 2004 12:11:57 +0200

Thomas Anders wrote:

Martin Regner wrote:

One way of solving this particular problem could maybe be to add a
preference setting in SNMP
dissector that specifies if it should start up a conversation.


I had exactly the same idea, especially since most real-world SNMP
traffic (as in the sample capture) actually either goes to or from
one of the well-known ports (161,162), so the conversation code
just introduces problems instead of benefits. What I'm wondering
is if we should rather solve this individually per dissector or more
generally, given that a dozen dissectors seem to use similar code
here.


Following up myself, the attached patch for packet-snmp.c implements
a new preference setting that decides whether to start a conversation.
Default is true for backward compatibility.

Works for me. Please review and apply. (Feel free to check in with
a better preference setting description.)

On a related note, the thread
http://www.ethereal.com/lists/ethereal-dev/200404/msg00283.html
looks extremely relevant, but unfortunately has stopped.


+Thomas

--
Thomas Anders (thomas.anders at blue-cable.de)

--- packet-snmp.c.FCS	2004-01-23 11:25:08.000000000 +0100
+++ packet-snmp.c	2004-05-12 12:01:19.000000000 +0200
@@ -155,6 +155,9 @@
 /* desegmentation of SNMP-over-TCP */
 static gboolean snmp_desegment = TRUE;
 
+/* whether to start a conversation */
+static gboolean snmp_start_conversation = TRUE;
+
 static dissector_handle_t snmp_handle;
 static dissector_handle_t data_handle;
 
@@ -2285,7 +2288,7 @@
 	 * the destination address of this packet, and its port 2 being
 	 * wildcarded, and give it the SNMP dissector as a dissector.
 	 */
-	if (pinfo->destport == UDP_PORT_SNMP) {
+	if (snmp_start_conversation && (pinfo->destport == UDP_PORT_SNMP)) {
 	  conversation = find_conversation(&pinfo->src, &pinfo->dst, PT_UDP,
 					   pinfo->srcport, 0, NO_PORT_B);
 	  if (conversation == NULL) {
@@ -2499,6 +2502,11 @@
 	    "Whether the SNMP dissector should desegment all messages "
 	    "spanning multiple TCP segments",
 	    &snmp_desegment);
+	prefs_register_bool_preference(snmp_module, "start_conversation",
+	    "Start a conversation",
+	    "Whether the SNMP dissector should always start a conversation. "
+	    "Enable to dissect SNMP conversations between two non-well-known ports.",
+	    &snmp_start_conversation);
 }
 
 void

Follow-Ups:
- RE: [PATCH] packet-snmp.c (was: Re: [Ethereal-dev] dissector port clash(e.g. SNMP vs. TFTP))
  - From: Grant Williams

References:
- [Ethereal-dev] dissector port clash (e.g. SNMP vs. TFTP)
  - From: Thomas Anders
- Re: [Ethereal-dev] dissector port clash (e.g. SNMP vs. TFTP)
  - From: Martin Regner
- Re: [Ethereal-dev] dissector port clash (e.g. SNMP vs. TFTP)
  - From: Thomas Anders

Prev by Date: Re: [Ethereal-dev] patch for packet-3g-a11.c to fix typo
Next by Date: [Ethereal-dev] Support for MPLS PW Control Channel Header
Previous by thread: Re: [Ethereal-dev] dissector port clash (e.g. SNMP vs. TFTP)
Next by thread: RE: [PATCH] packet-snmp.c (was: Re: [Ethereal-dev] dissector port clash(e.g. SNMP vs. TFTP))
Index(es):
- Date
- Thread