Wireshark-dev: Re: [Wireshark-dev] Define dissector port
From: "Hal Lander" <hal_lander@xxxxxxxxxxx>
Date: Sun, 21 Jan 2007 08:34:11 -0900
Thanks Jaap,

I used heur_dissector_add for the parent protocol "tcp" and things seem to be working.
I would like to understand a bit more about what is going on though.

There is a function
    /* Find a dissector table by table name. */
    extern dissector_table_t find_dissector_table(const char *name);

So after I have added my heuristic dissector I should be able to call
   tbl=find_dissector_table("tcp");

and see my dissector?

Does anybody have a code snippet to show how to loop the table and see the dissectors?
Where is the table structure defined?

Most importantly what determines the order in which the heuristic dissectors are called, and how can I make sure mine is called first?

TIA
Hal

/** Add a sub-dissector to a heuristic dissector list.
*  Call this in the proto_handoff function of the sub-dissector.
*
* @param name the name of the "parent" protocol, e.g. "tcp"
* @param dissector the sub-dissector to be registered
* @param proto the protocol id of the sub-dissector
*/
extern void heur_dissector_add(const char *name, heur_dissector_t dissector,
   int proto);



From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Reply-To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Define dissector port
Date: Tue, 16 Jan 2007 20:39:19 +0100 (CET)

Hi,

Have a look in epan/packet.h and search for "heur".

Thanx,
Jaap

On Tue, 16 Jan 2007, Hal Lander wrote:

> I am still struggling with this.
> Is there any documentation on heur_dissector_add and where/how to call it?
>
> Also I presume from Guy's posting I have to add my protocol into some
> tables?
>
> Hal
>
> >From: "sharon lin" <sharon.lin.1@xxxxxxxxx>
> >Reply-To: Developer support list for Wireshark
> ><wireshark-dev@xxxxxxxxxxxxx>
> >To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
> >Subject: Re: [Wireshark-dev] Define dissector port
> >Date: Tue, 16 Jan 2007 17:51:11 +0200
> >
> >Add
> >heur_dissector_add("udp", dissect_fring, proto_fring);
> >   heur_dissector_add("tcp", dissect_fring, proto_fring);
> >
> >On 1/16/07, Hal Lander <hal_lander@xxxxxxxxxxx> wrote:
> >>
> >>The word 'heuristic' only appears once in 'readme.developer', and although
> >>I
> >>have skimmed through the whole document I seem to have missed where it
> >>tells
> >>you how to make a dissector heuristic.
> >>
> >>Can you be more specific about where there is an example?
> >>Can plugins be heuristic dissectors?
> >>
> >>Once a dissector is heuristic will it just look on all ports?
> >>
> >>Hal
> >>
> >>
> >>
> >> >From: Guy Harris <guy@xxxxxxxxxxxx>
> >> >Reply-To: Developer support list for Wireshark
> >> ><wireshark-dev@xxxxxxxxxxxxx>
> >> >To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
> >> >Subject: Re: [Wireshark-dev] Define dissector port
> >> >Date: Mon, 15 Jan 2007 10:37:39 -0800
> >> >
> >> >Hal Lander wrote:
> >> > > Is there a way to get a dissector to run on all ports?
> >> >
> >> >A dissector that runs on all ports would have to be a heuristic
> >> >dissector (otherwise, you wouldn't be able to dissect any TCP/UDP
> >> >traffic except for traffic for your protocol).
> >> >
> >> >So the way you'd do that would be to have your dissector be able to look
> >> >at a packet and determine whether it's a packet for your protocol or
> >> >not, and use a check for that sort in your dissector.  See
> >> >doc/README.developer for information on how to make a heuristic
> >> >dissector. The name of the heuristic dissector table for TCP is "tcp",
> >> >and the table for UDP is "udp".
>
>

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
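
A stand-alone C model of the check Guy describes (look at the bytes and decide whether the packet is yours), added here as an example; it is not Wireshark code and not from any poster in this thread. The "EXMP" header layout and the names `heur_exmp`, `heur_loose` and `try_heuristics` are hypothetical, the functions take a raw pointer and length instead of Wireshark's own buffer and packet types, and the list order is this model's choice, not a statement about Wireshark.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef bool (*heur_fn)(const uint8_t *buf, size_t len);

/* Hypothetical header: 4-byte magic "EXMP", 1-byte version,
 * 2-byte big-endian payload length, then the payload. */
#define EXMP_HDR_LEN 7

bool heur_exmp(const uint8_t *buf, size_t len)
{
    if (len < EXMP_HDR_LEN)            /* never read past the captured bytes */
        return false;
    if (memcmp(buf, "EXMP", 4) != 0)   /* wrong magic: not ours */
        return false;
    if (buf[4] != 1)                   /* only version 1 is defined here */
        return false;
    size_t payload = ((size_t)buf[5] << 8) | buf[6];
    if (payload > len - EXMP_HDR_LEN)  /* declared length must fit the data */
        return false;
    return true;                       /* claim the packet */
}

/* A deliberately weak check: one byte is not enough evidence, so it
 * claims traffic that the strict check above correctly rejects. */
bool heur_loose(const uint8_t *buf, size_t len)
{
    return len > 0 && buf[0] == 'E';
}

/* Try each heuristic in list order. Returns the index of the first one
 * that claims the packet, or -1 when every one rejects it. */
int try_heuristics(const heur_fn *list, size_t n, const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < n; i++)
        if (list[i](buf, len))
            return (int)i;
    return -1;
}

int main(void)
{
    /* Constructed sample packets. */
    const uint8_t good[]  = {'E','X','M','P', 1, 0, 2, 0xAA, 0xBB};
    const uint8_t trunc[] = {'E','X','M','P', 1, 0, 9, 0xAA};
    const heur_fn list[]  = {heur_exmp, heur_loose};
    printf("good  -> %d\n", try_heuristics(list, 2, good, sizeof good));
    printf("trunc -> %d\n", try_heuristics(list, 2, trunc, sizeof trunc));
    return 0;
}
```

The truncated packet is rejected by the strict check but claimed by the one-byte check, which is why a heuristic should test as many header fields as it can before returning true.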
