Hi,
In my Zabbix dissector I'm currently using
dissector_add_uint_range_with_preference("tcp.port", ZABBIX_TCP_PORTS,
zabbix_handle) to define the TCP ports (defaulting to "10050,10051").
I'm now attempting to use ssl_dissector_add() to dissect also
TLS-encrypted Zabbix protocol packets, using the same ports (that's how
Zabbix works: some agents use TLS, some don't, and they all connect to
the same port on the server). I see port number 0 being used in some
dissectors (for example in packet-kafka.c), but that does not seem to
work. From some comments I understand that it enables to use manual
"Decode as" or something like that.
So, apparently I need to use ssl_dissector_add() with all the configured
ports. I see examples of using range_foreach() to do that, so I used it
like this:
range_t *zabbix_tcp_range;
zabbix_tcp_range = prefs_get_range_value("zabbix", "tcp.port");
range_foreach(zabbix_tcp_range, range_add_zabbix_tls_callback,
NULL);
It seems to work with TLS packets, but now it won't dissect non-TLS
Zabbix packets at all.
In Lua (with my previous dissector) I was able to do simply this:
DissectorTable.get("tcp.port"):add(default_settings.ports,
zabbix_protocol)
DissectorTable.get("tls.port"):add(default_settings.ports,
zabbix_protocol)
and that worked fine, it dissected both TLS and non-TLS packets correctly.
How do I get the same behaviour with C dissector?
Markku