Ethereal-dev: [Ethereal-dev] Re: New dissector for Red Hat/Fedora netdump

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Thu, 12 May 2005 17:46:49 -0400

The sigcomp dissector is already a new-style dissector.
All sigcomp packets MUST start with 0xf8 as the first byte.
If the first byte is not 0xf8 then sigcomp will reject it.
So that is the first thing you need.

Question: can netdump packets start with the byte 0xf8 as the first octet?
If netdump does not, then everything is sweet.

So, try this:
Change netdump to be a heuristic dissector.
Since netdump is always using port 6666, you can use these heuristics:
1. Test if src port or dst port is 6666; if not, it is not netdump, and return 0 from the heuristic dissector.
2. Test the first few bytes and see if they match what should be netdump.

Can you send me an example capture file and your current dissector, and I can look at it.

On 5/12/05, Eric Paris <eparis@xxxxxxxxxxxxxx> wrote:
> So what is appropriate for me to get this dissector in without these
> priorities?   If anyone has a SIGCOMP capture I can play with I can make
> sure my heuristic registration doesn't conflict with that traffic.  In
> my original testing some of my packets were showing up as SIGCOMP, but I
> eliminated that when I implemented conversations.  I believe this is
> because we test for conversations first.  
> 
> What do I need to do to my dissector to get it accepted?
> 
> Eric
> 
> 
> On Wed, 2005-04-27 at 11:39 +0200, martin.regner@xxxxxxxxx wrote:
> > Ronnie Sahlberg wrote:
> > > 
> > > Maybe we should then change the proto registration code to allow
> > > multiple new-style dissectors to register on the same port?
> > 
> > Yes, I think that is something to consider, maybe in combination with other improvements.
> >
> > It would be good to consider some kind of prioritization scheme for in what order different dissectors are called based on how weak heuristics they are using and similar.
> > I would also like to have a possibility to save "decode as" settings on a permanent basis (including priority settings etc.)
> >
> > I think I have written some mails to the list about some preliminary ideas I had some months ago, but I haven't had time to look so much further yet.
> >
> > I have noticed that several of my colleagues are getting problems due to that they get certain packets decoded with wrong dissector.
>
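
Added example, not part of the original thread or the Ethereal source: a stand-alone C model of the heuristic approach suggested in the reply at the top of this thread, where each dissector returns 0 to decline a packet and the next one is tried. The 4-byte netdump marker, the classify() helper and the sample payloads are assumptions made for illustration (the thread does not give netdump's packet layout), and the sigcomp check is modelled as a mask on the 0xf8 prefix.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NETDUMP_PORT 6666              /* port named in the thread */
/* Hypothetical marker: stands in for "what should be netdump". */
static const uint8_t NETDUMP_MAGIC[4] = { 'N', 'D', 'M', 'P' };

typedef struct { uint16_t sport, dport; const uint8_t *data; size_t len; } pkt_t;
typedef int (*heur_fn)(const pkt_t *); /* 0 = not mine, non-zero = claimed */

/* sigcomp model: decline unless the first byte carries the 0xf8 prefix. */
static int heur_sigcomp(const pkt_t *p) {
    return p->len >= 1 && (p->data[0] & 0xf8) == 0xf8;
}

/* netdump: step 1 is the port test, step 2 the leading-bytes test. */
static int heur_netdump(const pkt_t *p) {
    if (p->sport != NETDUMP_PORT && p->dport != NETDUMP_PORT)
        return 0;
    if (p->len < sizeof NETDUMP_MAGIC) /* never read past a short packet */
        return 0;
    return memcmp(p->data, NETDUMP_MAGIC, sizeof NETDUMP_MAGIC) == 0;
}

static const struct { const char *name; heur_fn fn; } heur_list[] = {
    { "sigcomp", heur_sigcomp },
    { "netdump", heur_netdump },
};

/* Try each heuristic in order; the first to claim wins, else plain data. */
const char *classify(uint16_t sport, uint16_t dport, const uint8_t *d, size_t n) {
    pkt_t p = { sport, dport, d, n };
    for (size_t i = 0; i < sizeof heur_list / sizeof heur_list[0]; i++)
        if (heur_list[i].fn(&p))
            return heur_list[i].name;
    return "data";
}

/* Constructed sample payloads (not captured traffic). */
static const uint8_t SAMPLE_NETDUMP[] = { 'N', 'D', 'M', 'P', 0x00, 0x01 };
static const uint8_t SAMPLE_SIGCOMP[] = { 0xf8, 0x01, 0x02 };
static const uint8_t SAMPLE_OTHER[]   = { 0x00, 0x01, 0x02, 0x03 };

int main(void) {
    printf("%s\n", classify(40000, 6666, SAMPLE_NETDUMP, sizeof SAMPLE_NETDUMP));
    printf("%s\n", classify(40000, 6666, SAMPLE_SIGCOMP, sizeof SAMPLE_SIGCOMP));
    printf("%s\n", classify(40000, 6666, SAMPLE_OTHER, sizeof SAMPLE_OTHER));
    return 0;
}
```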