Oops, brainfart.
New style dissectors return an int and not a boolean.
0: this was not my protocol. Try someone else.
!0: this WAS my protocol and this is how many bytes I ate.
On 4/26/05, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> heur_dissector_add() is the right first step, but is only really
> appropriate if netdump does use other ports as well.
>
> If netdump is always using port 6666 which clashes with sigcomp then
> the real solution (==more work)
> would be to
> 1, change sigcomp to become a "new style" dissector (==one that
> returns a boolean and not void and which first checks "does this look
> like this protocol? if not return 0 and let ethereal try the next possible
> match.")
> 2, change netdump to also be a new style dissector.
>
> New style dissectors (all dissectors should eventually be changed to
> new-style since birthday effect and such make these clashes more
> likely every time we add a new dissector)
> use new_create_dissector_handle() instead of create_dissector_handle().
>
> Please see packet-xot.c for a small example of it. Notice that the
> main dissector returns 0 if it doesn't think it looks like xot!
>
>
> Both sigcomp and netdump need to be changed to be new-style.
> Maybe Anders or someone else from the telco crowd can change sigcomp
> to the new style in preparation for netdump?
>
> Anders?
>
>
> (I'm reluctant to touch that one myself since I don't use that protocol
> myself and am not familiar at all with it...)
>
>
>
> On 4/25/05, Eric Paris <eparis@xxxxxxxxxxxxxx> wrote:
> > Guess I'm supposed to give an svn diff, so here it is.
> >
> > Eric
> >
> > On Mon, 2005-04-25 at 14:10 -0400, Eric Paris wrote:
> > > Attached is a file packet-netdump.c which should dissect netdump
> > > packets. Netdump is the protocol used to send crash information like
> > > the stack and memory contents to a netdump server when a linux machine
> > > panics/oopses.
> > >
> > > This is my first attempt at a dissector, so please let me have any
> > > comments on any problems you see.
> > >
> > > Netdump uses port UDP 6666 which is also defined by packet-sigcomp.c. I
> > > don't have any traces which result in parsing these type of packets so
> > > I'm not sure how to make sure it is still picking those up. I found
> > > that just registering port 6666 with dissector_add caused the sigcomp to
> > > still get tried and my netdump to never get tried. So I registered with
> > > heur_dissector_add and it started trying my dissector second. So I can
> > > only assume that it will get those others. I'm not sure what the right
> > > way is to do this. Please comment if this was not right or if there is
> > > a better way.
> > >
> > > I have a netdump capture with netdump traffic but it's about 40 megs long
> > > (dumping memory does generate a lot of traffic), please let me know if
> > > access to this is needed.
> > >
> > > Eric
> > > _______________________________________________
> > > Ethereal-dev mailing list
> > > Ethereal-dev@xxxxxxxxxxxx
> > > http://www.ethereal.com/mailman/listinfo/ethereal-dev
> >
> >
>
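
The return-value contract discussed in this thread, as an added example that is not part of the original messages and is not Ethereal code: a toy C model in which two dissectors share one port and each returns 0 for "not my protocol" or the number of bytes it consumed. The two packet formats, the function names and the dispatch table are constructed for illustration and are not the netdump or sigcomp formats.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model, not the Ethereal API. Contract from the thread:
 * return 0 = "not my protocol", non-zero = bytes consumed. */
typedef int (*new_dissector_t)(const uint8_t *buf, size_t len);

/* Hypothetical protocol A (constructed): 'A' '1', 1-byte length, payload. */
static int dissect_proto_a(const uint8_t *buf, size_t len)
{
    if (len < 3 || buf[0] != 'A' || buf[1] != '1')
        return 0;                         /* does not look like A */
    size_t total = 3 + (size_t)buf[2];
    return total <= len ? (int)total : 0; /* reject a length we cannot back */
}

/* Hypothetical protocol B (constructed): 0xB0, flags, 16-bit BE length. */
static int dissect_proto_b(const uint8_t *buf, size_t len)
{
    if (len < 4 || buf[0] != 0xB0)
        return 0;
    size_t total = 4 + (((size_t)buf[2] << 8) | buf[3]);
    return total <= len ? (int)total : 0;
}

/* Both handlers sit on the same port; a packet goes to whichever accepts it. */
static const new_dissector_t port_table[] = { dissect_proto_a, dissect_proto_b };
#define PORT_TABLE_LEN (sizeof port_table / sizeof port_table[0])

/* Offer the payload to each handler until one accepts it.
 * *winner is the accepting index, or -1 if every handler returned 0. */
int dispatch(const uint8_t *buf, size_t len, int *winner)
{
    for (size_t i = 0; i < PORT_TABLE_LEN; i++) {
        int used = port_table[i](buf, len);
        if (used != 0) { *winner = (int)i; return used; }
    }
    *winner = -1;
    return 0;
}

int main(void)
{
    const uint8_t pkt[] = { 0xB0, 0x00, 0x00, 0x01, 0x7f }; /* constructed B packet */
    int winner;
    int used = dispatch(pkt, sizeof pkt, &winner);
    printf("handler %d consumed %d bytes\n", winner, used);
    return 0;
}
```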