Wireshark-dev: Re: [Wireshark-dev] How to register a dissector for a specific traffic type?

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 20 Nov 2007 13:06:58 -0800
Yves Geissbühler wrote:

> I have several protocols running on top of each other: TCP > MPA (RFC 5044) > [DDP (RFC 5042) | RDMAP (RFC 5040)].
> Currently, I am calling my DDP/RDMAP dissector as a subdissector from
> my MPA dissector. Because my DDP/RDMAP dissector could also be used
> on top of SCTP (replacing TCP and MPA), calling it as a subdissector
> from my MPA dissector does not seem to be the right solution anymore.
> It would make more sense if my DDP/RDMAP dissector would get called
> whenever there is MPA or SCTP traffic. So I would like to register my
> DDP/RDMAP dissector for these two types of traffic.

I don't think you want to have your dissector be the *only* dissector
for the payload of SCTP traffic - that'd prevent the dissection of any
other protocol atop SCTP.

Therefore, there needs to be some way to arrange that only *some* SCTP
traffic be treated as DDP traffic.

There are a couple of ways of doing that:

1) have your dissector register with the SCTP dissector to be called for particular SCTP port or PPI values (if there's a fixed value, use that, otherwise make the value a preference);

2) have your dissector be a heuristic dissector.

> In which manner do I have to return (in the proto_reg_handoff_mpa()?) from my MPA dissector such that a call to heur_dissector_add("mpa", dissect_ddp_rdmap, proto_ddp_rdmap) in my DDP/RDMAP dissector would work?

If this is DDP over SCTP, with no MPA involved (MPA appears to exist
because TCP is byte-stream-oriented rather than packet-oriented; SCTP is
packet-oriented so that's not an issue), the MPA dissector wouldn't be
involved at all.

If the DDP dissector registers for a specific SCTP port or PPI, you
would call

	dissector_add("sctp.port", {port number}, {handle for DDP dissector});

or

	dissector_add("sctp.ppi", {PPI number}, {handle for DDP dissector});

in proto_reg_handoff_ddp().

If the DDP dissector is heuristic - which I infer from "such that a call to heur_dissector_add("mpa", dissect_ddp_rdmap, proto_ddp_rdmap) in my DDP/RDMAP dissector would work?" that it is - you would call

	heur_dissector_add("sctp", dissect_ddp_rdmap, proto_ddp_rdmap);

in proto_reg_handoff_ddp().
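
A simplified, self-contained model of the two options described above, added here as an illustration; it is not part of the original message and not Wireshark code. It shows that a value-table registration leaves other protocols' PPI values untouched, and that a heuristic dissector has to bounds-check and decline payloads it does not recognise so the remaining traffic still falls through. All function names, the PPI value 46, the simplified DDP check (version bits and minimum header lengths) and the table-before-heuristics ordering are assumptions of the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Toy model of the two registration styles; none of this is Wireshark API. */
typedef const char *(*dissector_t)(const uint8_t *, size_t);
typedef bool (*heur_dissector_t)(const uint8_t *, size_t, const char **);
struct uint_entry { uint32_t value; dissector_t fn; };
static struct uint_entry ppi_table[8];  /* stands in for the "sctp.ppi" table */
static heur_dissector_t heur_list[8];   /* stands in for the "sctp" heuristic list */
static size_t ppi_count, heur_count;
static void model_dissector_add(uint32_t ppi, dissector_t fn) {
    if (ppi_count < 8) ppi_table[ppi_count++] = (struct uint_entry){ ppi, fn };
}
static void model_heur_dissector_add(heur_dissector_t fn) {
    if (heur_count < 8) heur_list[heur_count++] = fn;
}
/* Some unrelated protocol that owns its own PPI value. */
static const char *dissect_other(const uint8_t *d, size_t n) {
    (void)d; (void)n;
    return "OTHER";
}
/* Heuristic: claim the payload only if it looks like DDP, otherwise decline. */
static bool dissect_ddp_heur(const uint8_t *d, size_t n, const char **proto) {
    if (n < 1 || (d[0] & 0x03) != 0x01) return false;  /* DDP version bits != 1 */
    if (n < ((d[0] & 0x80) ? 14u : 18u)) return false; /* tagged/untagged header */
    *proto = "DDP";
    return true;
}
/* SCTP side: exact PPI match first, then heuristics in order, else raw data. */
static const char *dispatch_sctp_payload(uint32_t ppi, const uint8_t *d, size_t n) {
    const char *proto = "data";
    for (size_t i = 0; i < ppi_count; i++)
        if (ppi_table[i].value == ppi) return ppi_table[i].fn(d, n);
    for (size_t i = 0; i < heur_count; i++)
        if (heur_list[i](d, n, &proto)) return proto;
    return "data";
}
static void model_handoff(void) {
    model_dissector_add(46, dissect_other);      /* 46 is a constructed PPI */
    model_heur_dissector_add(dissect_ddp_heur);
}
int main(void) {
    const uint8_t tagged[14] = { 0x81 };         /* constructed: T=1, DV=1 */
    model_handoff();
    printf("%s\n", dispatch_sctp_payload(0, tagged, sizeof tagged));
    return 0;
}
```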