fabio matturro wrote:
Hello,
I am a first timer at developing plugins, so - please - be
indulgent : )
I would like to dissect a UDP-based protocol. As far as I've
understood, this protocol doesn't always connect to the same port
(nevertheless the master uses a range of ports starting from 1025, its
slaves from about 32000).
I have started reading README.developer and other stuff and it
suggests, as a very first step, to write a useless dissector which
simply labels the protocol.
In order to do this it initializes:
static int global_foo_port = 1234;
and lines further:
dissector_add("udp.port", global_foo_port, foo_handle);
Here's the problem:
Since there's no predetermined ports how can I initialize the
dissector for this protocol?
[I've read something about "conversion", not very thoroughly, though.
Could it be the answer to my problems :D?]

As I'm not an expert on this, only a little help:
The "conversation" is about the grouping of several packets into a
conversation. This is useful if relationships between packets are
interesting, e.g. to calculate the time between two packets.
IMO what you are looking for is a heuristic. This way the lower layer
dissector will ask several upper layer dissectors "do you think this
packet is for you?". The upper layer dissector will try to see if some
characteristics are fulfilled (usually the first few bytes will follow a
protocol specific pattern).
As I don't have much knowledge on this topic, you may read
README.developer, the Developer Guide and, of course, the source code of
some UDP based dissectors...
Regards, ULFL
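
The heuristic approach described in the reply, as an added example that is not part of the original thread and does not use Wireshark's API: a stand-alone C model in which the UDP layer offers each payload to registered heuristics regardless of port. The "foo" header layout, the "bar" protocol and all function names are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-alone model of heuristic dispatch; NOT Wireshark's API.
 * Assumed "foo" header (hypothetical): magic 'F','O', version byte (1),
 * type byte (0..3), 2-byte big-endian length of the payload that follows. */
#define FOO_HDR_LEN 6
typedef bool (*heur_fn)(const uint8_t *buf, size_t len);

/* Accept only if every cheap structural check passes. The input is
 * untrusted capture data, so the length check comes before any read. */
static bool foo_heur(const uint8_t *buf, size_t len)
{
    if (len < FOO_HDR_LEN) return false;              /* truncated capture */
    if (buf[0] != 'F' || buf[1] != 'O') return false; /* magic */
    if (buf[2] != 1 || buf[3] > 3) return false;      /* version, type */
    size_t plen = ((size_t)buf[4] << 8) | buf[5];
    return plen == len - FOO_HDR_LEN;                 /* length consistent */
}

/* A deliberately weak one-byte heuristic: it would claim unrelated
 * traffic, which is why strict checks like the ones above matter. */
static bool bar_heur(const uint8_t *buf, size_t len)
{
    return len >= 1 && buf[0] == 'B';
}

static const struct { const char *name; heur_fn fn; } udp_heur_table[] = {
    { "foo", foo_heur },
    { "bar", bar_heur },
};

/* The lower layer asks each registered heuristic "is this packet for
 * you?" whatever the port; the first one to accept claims the packet. */
const char *udp_dispatch(const uint8_t *payload, size_t len)
{
    for (size_t i = 0; i < sizeof udp_heur_table / sizeof udp_heur_table[0]; i++)
        if (udp_heur_table[i].fn(payload, len))
            return udp_heur_table[i].name;
    return "data"; /* nobody claimed it: leave it as raw data */
}

int main(void)
{
    const uint8_t pkt[] = { 'F', 'O', 1, 2, 0, 3, 'a', 'b', 'c' }; /* constructed */
    puts(udp_dispatch(pkt, sizeof pkt));
    return 0;
}
```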