> 1. How do we declare that port 901 is HTTP, and should be dissected with
> dissect_http? This could be solved if we have some mechanism involving
> preferences where we can bind http to multiple ports. The dissector simply
> retrieves a list of ports and adds itself for each.

The same way NetMon does this, by using heuristic dissectors. The "problem"
with Ethereal is that you can't give the mechanism a clue about what
protocols to try. Maybe dissect_try_heur() or some function like that could
search a list with "preferences". BTW, heuristic dissectors do work in
Ethereal; I have coded my own RTP/RTCP dissector to make them heuristic so
I can just add an IP number and UDP port to a conversation and give the dissector
a way to decide whether the current frame is meant to be decoded by it.

The problem with optimising the work to be done in dissect_try_heur() is
that you're never sure if you missed something. Also, sometimes the
preferences will say that a certain frame should be decoded by protocol
A, but at runtime protocol B added dissect_C() to the heuristic tree,
which dissector should decode the frame?

I think the easiest solution is to convert "problematic" dissectors to
heuristic dissectors, not all dissectors ;-)

Am I clear enough?
--
Andreas Sikkema
andreas.sikkema@xxxxxxxxxxx
"Standing barefoot in a river of clues, most people would
not get their toes wet." - Brian Kantor in a.s.r.
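
An added sketch of the approach described in the message above (not part of the original mail and not Ethereal code): a conversation table keyed on IP and UDP port gates an ordered list of heuristic dissectors, and the first one to claim the frame wins. All names, types, addresses and sample bytes are hypothetical or constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical types for this sketch; none of this is Ethereal's real API. */
typedef int (*heur_fn)(const uint8_t *p, size_t len); /* nonzero = "this frame is mine" */
struct heur { const char *name; heur_fn fn; };
struct conv { uint32_t ip; uint16_t port; };

/* RTCP: version 2, packet type 200..204, whole number of 32-bit words. */
static int heur_rtcp(const uint8_t *p, size_t len) {
    if (len < 8 || len % 4 != 0) return 0;
    return (p[0] >> 6) == 2 && p[1] >= 200 && p[1] <= 204;
}

/* RTP: version 2, 12-byte fixed header. Payload types 72..76 are refused
   because with the marker bit set they look like RTCP types 200..204. */
static int heur_rtp(const uint8_t *p, size_t len) {
    if (len < 12) return 0;
    uint8_t pt = p[1] & 0x7f;
    return (p[0] >> 6) == 2 && !(pt >= 72 && pt <= 76);
}

/* Order matters: the first dissector that claims the frame wins. */
static const struct heur heur_list[] = { {"rtcp", heur_rtcp}, {"rtp", heur_rtp} };
/* Constructed conversation table: 192.0.2.1, UDP 5004 and 5005. */
static const struct conv conv_list[] = { {0xC0000201u, 5004}, {0xC0000201u, 5005} };
/* Constructed sample payloads: RTP (PT 0), RTCP RR, and a non-version-2 blob. */
static const uint8_t sample_rtp[12]   = { 0x80, 0x00, 0x00, 0x01, 0, 0, 0, 0xA0, 1, 2, 3, 4 };
static const uint8_t sample_rtcp[8]   = { 0x80, 0xC9, 0x00, 0x01, 1, 2, 3, 4 };
static const uint8_t sample_other[12] = { 0x45, 0x00, 0x00, 0x0C, 0, 0, 0, 0, 0, 0, 0, 0 };

/* Returns the name of the dissector that claims the frame, or "data". */
const char *try_heur_demo(uint32_t ip, uint16_t port, const uint8_t *p, size_t len) {
    size_t i, known = 0;
    for (i = 0; i < sizeof conv_list / sizeof conv_list[0]; i++)
        if (conv_list[i].ip == ip && conv_list[i].port == port) known = 1;
    if (!known) return "data";            /* not a conversation we were told about */
    for (i = 0; i < sizeof heur_list / sizeof heur_list[0]; i++)
        if (heur_list[i].fn(p, len)) return heur_list[i].name;
    return "data";                        /* nobody claimed it */
}

int main(void) {
    printf("%s %s %s\n", try_heur_demo(0xC0000201u, 5004, sample_rtp, sizeof sample_rtp),
           try_heur_demo(0xC0000201u, 5005, sample_rtcp, sizeof sample_rtcp),
           try_heur_demo(0xC0000201u, 5004, sample_other, sizeof sample_other));
    return 0;
}
```

Swapping the two entries in `heur_list` changes which dissector gets the first look at an ambiguous frame, which is the ordering question raised in the message.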