Wireshark-dev: [Wireshark-dev] Re : dissector_add(tcp.proto... / where to find parameter for di

From: Yvan Madec <yvanmadec@xxxxxxxx>
Date: Fri, 24 Apr 2009 15:53:29 +0000 (GMT)
Sorry for my wrong answer. Considering Guy's answer, this time I hope I'm right:
There is an ip.proto, as you can see in this extract of packet-ip.c:

    /* subdissector code */
    ip_dissector_table = register_dissector_table("ip.proto",
        "IP protocol", FT_UINT8, BASE_DEC);

But I don't know how you can use it to determine if it is TCP or UDP in your code, and I'm also interested in this answer. Maybe using the pinfo structure and extracting the [protocols in frame: eth:ip:udp] to check if there is "udp" or "tcp" inside, but I haven't found it yet.

And for your last question, I don't know how to directly get the UDP length without the header.

Yvan


From: Armin Zimmermann <Eddie.1@xxxxxx>
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Sent: Friday, 24 April 2009, 15:53:34
Subject: Re: [Wireshark-dev] dissector_add(tcp.proto... / where to find parameter for dissector_add()


> What you should do is have a *heuristic* dissector, which you would 
> register with
>
>     heur_dissector_add("udp", dissect_red, proto_red);
>
> dissect_red() would return a gboolean - FALSE if the packet isn't a 
> packet for your protocol, TRUE if it is.  It would probably look like
>
>     static gboolean
>     dissect_red(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
>     {
>         if (tvb_reported_length(tvb) != CORRECT_DATA_LENGTH)
>             return FALSE;
>
>         /* dissect the packet */
>
>         return TRUE;
>     }

Thank you for your answer. The heuristic dissector is exactly what I needed.

But there is another question: How can I check whether it is a UDP packet or a TCP packet? Is there something like ip.proto==0x06?
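On the UDP-or-TCP question left open above, one way to know the transport is to register a separate heuristic entry point under each parent, so the entry point that is called identifies it. The following is an added example, not code from this thread or from Wireshark: `buf_t`, `transport_t` and the `model_*` functions are stand-ins that model the heuristic dispatch (in a real dissector the two entry points would be registered with `heur_dissector_add("udp", ...)` and `heur_dissector_add("tcp", ...)`), and the length value is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Stand-ins for Wireshark types (assumptions, not the real epan API). */
typedef struct { const unsigned char *data; size_t reported_len; } buf_t;
typedef enum { VIA_NONE, VIA_UDP, VIA_TCP } transport_t;
typedef bool (*heur_fn)(const buf_t *buf, transport_t *seen);

#define CORRECT_DATA_LENGTH 8   /* constructed value for this example */
#define MAX_HEUR 4

struct heur_entry { const char *parent; heur_fn fn; };
static struct heur_entry heur_table[MAX_HEUR];
static size_t heur_count;

/* Model of heur_dissector_add(): attach fn to one parent's heuristic list. */
static bool model_heur_add(const char *parent, heur_fn fn) {
    if (heur_count == MAX_HEUR) return false;
    heur_table[heur_count++] = (struct heur_entry){ parent, fn };
    return true;
}

/* Shared body: reject a payload of the wrong size before reading any of it. */
static bool red_common(const buf_t *buf, transport_t via, transport_t *seen) {
    if (buf->reported_len != CORRECT_DATA_LENGTH)
        return false;           /* not ours: let other heuristics try */
    *seen = via;                /* the entry point tells us the transport */
    return true;
}
static bool red_heur_udp(const buf_t *b, transport_t *s) { return red_common(b, VIA_UDP, s); }
static bool red_heur_tcp(const buf_t *b, transport_t *s) { return red_common(b, VIA_TCP, s); }

/* Model of a parent dissector trying its heuristics until one claims the payload. */
transport_t model_try_heuristics(const char *parent, const buf_t *buf) {
    transport_t seen = VIA_NONE;
    for (size_t i = 0; i < heur_count; i++)
        if (strcmp(heur_table[i].parent, parent) == 0 && heur_table[i].fn(buf, &seen))
            return seen;
    return VIA_NONE;
}

/* Registration: one entry point per transport, same protocol body. */
void model_register_red(void) {
    heur_count = 0;
    model_heur_add("udp", red_heur_udp);
    model_heur_add("tcp", red_heur_tcp);
}
```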