Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Ethereal: dev

Can a dissector tell what protocol and port is using it?

 

 

Ethereal dev RSS feed   Index | Next | Previous | View Threaded


mra at pobox

Oct 12, 2000, 4:57 PM

Post #1 of 2 (306 views)
Permalink
Can a dissector tell what protocol and port is using it?

Ok. My dissector source has a "registration handoff" function as follows

void
proto_reg_handoff_iquery(void)
{
dissector_add("tcp.port", MY_TCP_PORT1, dissect_myprotocol);
dissector_add("tcp.port", MY_TCP_PORT2, dissect_myprotocol);
dissector_add("udp.port", MY_UDP_PORT1, dissect_myprotocol);
dissector_add("udp.port", MY_UDP_PORT2, dissect_myprotocol);
}

It is easy/possible for the dissect_myprotocol function to tell if the
packet came in via TCP or UDP, and/or tell which port it's on?

--
Mark Atwood |
mra [at] pobox |
http://www.pobox.com/~mra


guy at netapp

Oct 12, 2000, 5:24 PM

Post #2 of 2 (287 views)
Permalink
Re: Can a dissector tell what protocol and port is using it? [In reply to]

> It is easy/possible for the dissect_myprotocol function to tell if the
> packet came in via TCP or UDP, and/or tell which port it's on?

At least for TCP and UDP:

if your dissector is an old-style dissector, "pi.ptype" will be
PT_TCP or PT_UDP, depending on which protocol it was inside,
and:

"pi.srcport" will be the source port number of the
packet;

"pi.destport" will be the destination port number of the
packet;

"pi.match_port" will be the port number for the service
(i.e., if the packet was sent *to* the port number you
registered, it'll be equal to "pi.destport", and if it
was sent *from* the port number you registered, it'll be
equal to "pi.srcport");

if your dissector is a new-style dissector, it will be passed as
its second argument a "packet_info" structure, and the "ptype",
"srcport", "destport", and "match_port" members of that
structure will be as described above.

Ethereal dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.