Hello,
I'm new to Ethereal development and need some help. I have created a heuristic dissector and associated it with all UDP packets as follows:
// In proto_reg_handoff_myproto, after the "already initialized" check
// and after the protocol handle has been created:
// put heur_dissect_myproto on the "udp" heuristic list. The function is then
// offered UDP payloads from arbitrary, untrusted traffic, so its acceptance
// test has to be strict enough not to claim other protocols' packets.
heur_dissector_add("udp", heur_dissect_myproto, proto_myproto);
// The dissector looks like the following.
// Ports of the most recent packet that matched the heuristic. These are
// file-scope statics shared by every call of the dissector; they are not
// keyed by flow or by address.
// The -1 initialiser converts to the largest guint32 value and serves as the
// "nothing recorded" marker.
static guint32 previous_src_port = -1;
static guint32 previous_dst_port = -1;
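// Heuristic UDP dissector for myproto.
//
// Claims a packet when it has at least 5 captured bytes, starts with the
// 16-bit big-endian magic MY_PROTO_HEAD and carries a packet type <= 9 in the
// byte that follows; the ports of that packet are then remembered.
// Also claims the next packet whose ports are the exact reverse of the
// remembered pair, without inspecting its contents, and forgets the pair.
//
// Returns TRUE after handing the packet to myproto_handle, FALSE so that
// other dissectors can try it.
//
// NOTE(review): the reply match depends on the file-scope statics
// previous_src_port / previous_dst_port. Ethereal can dissect a frame more
// than once and out of capture order (for example when a frame is selected
// and its detail tree is built), so by then the statics may no longer
// describe the preceding packet. That would explain a reply that is
// recognised in the packet list but shows no subtree in the detail pane;
// confirm. Per-flow state kept through the conversation API
// (find_conversation / conversation_new / conversation_set_dissector) is the
// usual replacement.
//
// NOTE(review): the reply match compares ports only. Any UDP packet from any
// host that happens to use the reversed port pair is handed to myproto_handle
// unvalidated, so that dissector must bounds-check everything it reads.
static gboolean heur_dissect_myproto(tvbuff_t *tvb, packet_info *pinfo,
                                     proto_tree *tree)
{
    // guint16 rather than gshort: tvb_get_ntohs() yields an unsigned 16-bit
    // value, and a signed short would never compare equal to a magic whose
    // top bit is set.
    guint16 myproto_head;
    gboolean head_matches;

    // One length check is enough: tvb_length_remaining() already counts only
    // bytes that are present in the capture. Five bytes covers the 2-byte
    // magic and the type byte read below.
    if (tvb_length_remaining(tvb, 0) < 5)
        return FALSE;

    // Check for the magic and the packet type before parsing further.
    myproto_head = tvb_get_ntohs(tvb, 0);
    head_matches = (myproto_head == MY_PROTO_HEAD) ? TRUE : FALSE;

    // The type byte sits directly after the 2-byte magic.
    if (head_matches && tvb_get_guint8(tvb, 2) <= 9) {
        // Remember the ports so the packet coming back can be recognised.
        previous_src_port = pinfo->srcport;
        previous_dst_port = pinfo->destport;
        call_dissector(myproto_handle, tvb, pinfo, tree);
        return TRUE;
    }

    if (previous_src_port == pinfo->destport &&
        previous_dst_port == pinfo->srcport) {
        // Reversed port pair: treat as the reply to the remembered packet.
        // Reset to the "nothing recorded" marker so only one reply is matched.
        previous_src_port = (guint32)-1;
        previous_dst_port = (guint32)-1;
        call_dissector(myproto_handle, tvb, pinfo, tree);
        return TRUE;
    }

    return FALSE;
}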
My question is: why doesn't the detailed information show for packets handled by the else-if branch? Should I just save the port and add it as a filter, i.e. dissector_add("udp.port", pinfo->destport, myproto_handle)?