Mailing List Archive

Can a dissector tell what protocol and port is using it?
Ok. My dissector source has a "registration handoff" function as follows

void
proto_reg_handoff_iquery(void)
{
    dissector_add("tcp.port", MY_TCP_PORT1, dissect_myprotocol);
    dissector_add("tcp.port", MY_TCP_PORT2, dissect_myprotocol);
    dissector_add("udp.port", MY_UDP_PORT1, dissect_myprotocol);
    dissector_add("udp.port", MY_UDP_PORT2, dissect_myprotocol);
}

Is it easy/possible for the dissect_myprotocol function to tell if the
packet came in via TCP or UDP, and/or tell which port it's on?

--
Mark Atwood |
mra@pobox.com |
http://www.pobox.com/~mra
Re: Can a dissector tell what protocol and port is using it?
> Is it easy/possible for the dissect_myprotocol function to tell if the
> packet came in via TCP or UDP, and/or tell which port it's on?

At least for TCP and UDP:

    if your dissector is an old-style dissector, "pi.ptype" will be
    PT_TCP or PT_UDP, depending on which protocol it was inside,
    and:

        "pi.srcport" will be the source port number of the
        packet;

        "pi.destport" will be the destination port number of the
        packet;

        "pi.match_port" will be the port number for the service
        (i.e., if the packet was sent *to* the port number you
        registered, it'll be equal to "pi.destport", and if it
        was sent *from* the port number you registered, it'll be
        equal to "pi.srcport");

    if your dissector is a new-style dissector, it will be passed as
    its second argument a "packet_info" structure, and the "ptype",
    "srcport", "destport", and "match_port" members of that
    structure will be as described above.
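
Added example (not part of the original thread, and not Ethereal's own code): how a dissector could use the members described in the reply above to work out the transport and the direction of a packet, including the case where both ports equal the registered one. The packet_info struct here is a simplified stand-in holding only the four members named in the reply; its member types, the enum values, the helper names and port 7000 are assumptions.

```c
#include <stdio.h>

/* Stand-in for Ethereal's packet_info: only the four members named in the
 * reply; member types and enum values are assumptions. */
typedef enum { PT_NONE, PT_TCP, PT_UDP } port_type;
typedef struct {
    port_type ptype;
    unsigned int srcport, destport, match_port;
} packet_info;

/* Hypothetical helper types and names; not part of Ethereal. */
typedef enum { DIR_TO_SERVICE, DIR_FROM_SERVICE, DIR_AMBIGUOUS, DIR_UNKNOWN } direction;

const char *transport_name(const packet_info *pinfo)
{
    switch (pinfo->ptype) {
    case PT_TCP: return "TCP";
    case PT_UDP: return "UDP";
    default:     return "other";
    }
}

/* match_port equals whichever of srcport/destport matched the registration. */
direction packet_direction(const packet_info *pinfo)
{
    int to   = (pinfo->destport == pinfo->match_port);
    int from = (pinfo->srcport  == pinfo->match_port);

    if (to && from) return DIR_AMBIGUOUS;    /* both ends use the service port */
    if (to)         return DIR_TO_SERVICE;   /* sent *to* the registered port */
    if (from)       return DIR_FROM_SERVICE; /* sent *from* the registered port */
    return DIR_UNKNOWN;                      /* neither port matches */
}

int main(void)
{
    /* Constructed sample packets; 7000 is a made-up registered port. */
    packet_info samples[] = {
        { PT_TCP, 40123, 7000, 7000 },
        { PT_UDP, 7000, 40123, 7000 },
        { PT_UDP, 7000, 7000, 7000 },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%s %u -> %u: direction %d\n", transport_name(&samples[i]),
               samples[i].srcport, samples[i].destport,
               (int)packet_direction(&samples[i]));
    return 0;
}
```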