On Aug 27, 2008, at 7:07 AM, Tom Stevens wrote:
Is it possible to add TCP, UDP and RAW IP handles to one and the
same dissector??
Yes.
Register your dissector with the "ip.proto" dissector, using your
protocol's IP protocol number
dissector_add("ip.proto", YOUR_PROTOCOL_NUMBER, dissector_handle);
Then, if it has a particular TCP port number or if you have a
preference to set the TCP port, register with the "tcp.port" port
number with that port number. If it doesn't have a particular port
number, and want to use "Dissect As..." to connect it with a TCP port,
register it using dissector_add_handle():
dissector_add_handle("tcp.port", dissector_handle);
And if your dissector, when running over TCP, is a heuristic
dissector, register the heuristic version of the dissector as a
heuristic dissector for a TCP-based protocol:
heur_dissector_add("tcp", your_heuristic_dissector,
proto_yourprotocol);
although, in that case, you can't use the *exact* same dissector - but
the heuristic and non-heuristic dissectors can use a common routine
that does all the dissection.
For UDP, do as you do with TCP, but replace "tcp.port" with "udp.port"
and "tcp" with "udp".