Ethereal-dev: RE: [ethereal-dev] On the fly registering of a dissector and a port

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jeff Foster <jfoste@xxxxxxxxxxxx>
Date: Tue, 16 May 2000 11:53:43 -0500
>
>For implementing the H.323 dissector I have to dissect the H.245 protocol.
>Unfortunately this protocol is NOT bound to a known tcp port. This 
>information is exchanged between two machines using the H.225 protocol.
>Unfortunately after that time I only know one IP address and corresponding 
>port number.
>
>What I want to do is this:
>- When I receive a H245 address and port I call dissector_add() with the 
>  correct port number
>- I also call conversation_new() with the correct port and address and some 
>  garbage to fill in either dest or src.
>- If the H.245 is called to dissect a frame it checks for a known 
>  conversation. If the conversation is not known it stops.

>Is it safe to call dissector_add() several times with the same port number?

No.  The current implementation doesn't allow a second dissector on the
same port number.  This could be implemented, however the dissectors would
have to return a true/false value signaling that the packet was decoded;
similar to the heuristic dissectors.

>How can I find out if there are two or more conversations with the same 
>port number?

You can't.

> What I want to do is to call dissector_delete() (or similar)
> when the last conversation with a certain port number has stopped.

This is possible, but what happens after the first pass, when a packet is 
selected and the detailed decode must be done?

>I could skip the last step, so the problem becomes significantly smaller, 
>but the first question remains. Can I call dissector_add during dissection?

Yes you can; with the limitations discussed above.

I suggest that you look at the heuristic dissectors. With them you can
register a dissector and if you don't handle the packet return a FALSE
value to indicate that other heuristic dissectors should be called.

Jeff Foster.
jfoste@xxxxxxxxxxxx
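
The heuristic approach suggested in the reply above, sketched as an added example that is not part of the original message and does not use Ethereal's API: an H.245 heuristic dissector claims a packet only when one endpoint matches an address and port announced earlier, and otherwise returns FALSE so the next dissector is tried. All type and function names are hypothetical, the addresses in any call are constructed, and keeping table entries (rather than deleting them) so that a second pass decodes a selected packet the same way is an assumption of this sketch.

```c
#include <stdint.h>
#include <stddef.h>
/* Hypothetical model types; this is not Ethereal's API. */
typedef struct { uint32_t src, dst; uint16_t sport, dport; uint32_t frame; } pkt_t;
typedef struct { uint32_t addr; uint16_t port; uint32_t first_frame; } conv_t;
typedef int (*heur_fn)(const pkt_t *);

#define MAX_CONV 16
static conv_t convs[MAX_CONV];
static size_t n_convs;

/* Called when the H.225 side announces an H.245 address and port.
 * Repeat announcements are harmless; entries are never deleted, so
 * re-dissecting a selected packet later gives the same answer. */
int h245_conv_add(uint32_t addr, uint16_t port, uint32_t frame) {
    for (size_t i = 0; i < n_convs; i++)
        if (convs[i].addr == addr && convs[i].port == port) return 1;
    if (n_convs == MAX_CONV) return 0;          /* table full */
    convs[n_convs++] = (conv_t){ addr, port, frame };
    return 1;
}

/* Heuristic H.245 dissector: claim the packet only if one endpoint was
 * announced in an earlier frame; otherwise return 0 (FALSE). */
int dissect_h245_heur(const pkt_t *p) {
    for (size_t i = 0; i < n_convs; i++) {
        const conv_t *c = &convs[i];
        if (p->frame > c->first_frame &&
            ((p->src == c->addr && p->sport == c->port) ||
             (p->dst == c->addr && p->dport == c->port)))
            return 1;
    }
    return 0;
}

/* Stand-in for some other heuristic dissector that accepts anything. */
int dissect_fallback_heur(const pkt_t *p) { (void)p; return 1; }

/* Try each dissector in order; return the index of the one that
 * claimed the packet, or -1 if none did. */
int heur_dispatch(const heur_fn *list, size_t n, const pkt_t *p) {
    for (size_t i = 0; i < n; i++)
        if (list[i](p)) return (int)i;
    return -1;
}

/* Wrapper: 0 = H.245 claimed the packet, 1 = the fallback did. */
int classify(uint32_t src, uint16_t sport, uint32_t dst, uint16_t dport, uint32_t frame) {
    static const heur_fn list[] = { dissect_h245_heur, dissect_fallback_heur };
    pkt_t p = { src, dst, sport, dport, frame };
    return heur_dispatch(list, 2, &p);
}
```

Because the match is on address and port together, two hosts using the same port number do not collide, and no per-port registration has to be added or removed during dissection.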