Ethereal-dev: [Ethereal-dev] Re: New dissector for Red Hat/Fedora netdump

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Fri, 13 May 2005 05:40:06 -0400

1. Implement it as a heuristic dissector.
2. Test for port 6666 in the heuristics and if it fails return 0.
3. Test that it looks like a netdump packet
   and IFF you are convinced it is really netdump,
   create a conversation between those two socketpairs and
   conversation_set_dissector().
   Please see SVN version of packet-snmp.c for how to do this properly,
   it has changed slightly in the last few days.
4. Use the normal dissector for the conversation and still use the
   heuristics even for conversations, and return 0 if it didn't look like
   netdump.
   This allows ethereal to see: there was a new style/heuristic
   dissector tied to the conversation, but the dissector rejected the
   packet, so let's try the normal dissectors instead.
   Thus, even if the same port pair is reused for sigcomp, it will still work.


I added changed code in ethereal just very recently to address a very
similar issue in the interaction between TFTP and SNMP.




On 5/12/05, Eric Paris <eparis@xxxxxxxxxxxxxx> wrote:
> So what is appropriate for me to get this dissector in without these
> priorities?   If anyone has a SIGCOMP capture I can play with I can make
> sure my heuristic registration doesn't conflict with that traffic.  In
> my original testing some of my packets were showing up as SIGCOMP, but I
> eliminated that when I implemented conversations.  I believe this is
> because we test for conversations first.  
> 
> What do I need to do to my dissector to get it accepted?
> 
> Eric
> 
> 
> On Wed, 2005-04-27 at 11:39 +0200, martin.regner@xxxxxxxxx wrote:
> > Ronnie Sahlberg wrote:
> > > 
> > > Maybe we should then change the proto registration code to allow
> > > multiple new-style dissectors to register on the same port?
> > 
> > Yes, I think that is something to consider, maybe in combination with
> > other improvements.
> >
> > It would be good to consider some kind of prioritization scheme for in
> > what order different dissectors are called based on how weak heuristics
> > they are using and similar.
> > I would also like to have a possibility to save "decode as" settings on
> > a permanent basis (including priority settings etc.)
> >
> > I think I have written some mails to the list about some preliminary
> > ideas I had some months ago, but I haven't had time to look so much
> > further yet.
> >
> > I have noticed that several of my colleagues are getting problems due to
> > that they get certain packets decoded with wrong dissector.
> 
>
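
Added example, not part of the original message and not Ethereal code: a self-contained C model of the four steps above, showing why a conversation dissector that can still return 0 lets another dissector claim traffic that reuses the same port pair. All names here (pkt_t, dispatch, the "NDMP"/"SIGC" markers) are hypothetical and constructed, and the dispatch order is an assumption of the model; a real dissector would use Ethereal's conversation API and conversation_set_dissector() as in packet-snmp.c.

```c
#include <stddef.h>
#include <string.h>

/* Toy model of the dispatch logic, NOT the Ethereal API. */
typedef struct { unsigned sport, dport; const unsigned char *data; size_t len; } pkt_t;
typedef int (*dissector_t)(const pkt_t *);  /* bytes consumed, 0 = rejected */

#define PORT 6666
/* Constructed 4-byte markers stand in for real protocol sanity checks. */
static int starts_with(const pkt_t *p, const char *m) {
    return p->len >= 4 && memcmp(p->data, m, 4) == 0;
}
static int on_port(const pkt_t *p) { return p->sport == PORT || p->dport == PORT; }

/* One-slot conversation table keyed on the port pair (addresses omitted). */
static struct { unsigned a, b; dissector_t d; } conv;
static dissector_t find_conversation(const pkt_t *p) {
    int hit = (p->sport == conv.a && p->dport == conv.b) ||
              (p->sport == conv.b && p->dport == conv.a);
    return (conv.d && hit) ? conv.d : NULL;
}

/* Step 4: the conversation dissector still checks the payload. */
static int dissect_netdump(const pkt_t *p) {
    return starts_with(p, "NDMP") ? (int)p->len : 0;
}

/* Steps 1-3: heuristic entry point. */
static int dissect_netdump_heur(const pkt_t *p) {
    if (!on_port(p)) return 0;               /* step 2: port test */
    if (!dissect_netdump(p)) return 0;       /* step 3: content test */
    conv.a = p->sport; conv.b = p->dport;    /* bind this port pair */
    conv.d = dissect_netdump;
    return (int)p->len;
}

/* Stand-in for the other dissector registered on the same port. */
static int dissect_other(const pkt_t *p) {
    return (on_port(p) && starts_with(p, "SIGC")) ? (int)p->len : 0;
}

/* Order assumed by this model: conversation, port table, heuristics. */
const char *dispatch(const pkt_t *p) {
    dissector_t d = find_conversation(p);
    if (d && d(p)) return "netdump (conversation)";
    if (dissect_other(p)) return "port dissector";
    if (dissect_netdump_heur(p)) return "netdump (heuristic)";
    return "data";
}
```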