Mailing List Archive

How to add a subprotocol?
The protocol I'm dissecting has a "header" portion, that contains
a "type field", and then a different "payload" for each type.

I'm strategizing that while I could do it all in one dissector, it
would be "more correct", if possible, to use Ethereal's selection
machinery, and write separate dissectors for each "type".

So a packet comes in, and the Ethernet dissector does its thing, and
then the IP dissector does it, and then the UDP dissector does its part,
and then my "main dissector" does the header, and then one of the
"sub dissectors" does the payload.

Possible? Doable? Easy?

--
Mark Atwood |
mra@pobox.com |
http://www.pobox.com/~mra

Re: How to add a subprotocol?
> The protocol I'm dissecting has a "header" portion, that contains
> a "type field", and then a different "payload" for each type.
>
> I'm strategizing that while I could do it all in one dissector, it
> would be "more correct", if possible, to use Ethereal's selection
> machinery, and write separate dissectors for each "type".
>
> So a packet comes in, and the Ethernet dissector does its thing, and
> then the IP dissector does it, and then the UDP dissector does its part,
> and then my "main dissector" does the header, and then one of the
> "sub dissectors" does the payload.
>
> Possible? Doable? Easy?

Possible and doable - but if it's only one protocol, I wouldn't use
Ethereal's selection mechanism to do it, as Ethereal's selection
mechanism is intended for use when you have one protocol whose data is
carried inside another protocol, e.g. DNS carried inside UDP carried
inside IP carried inside Ethernet.

Your example sounds more like, for example, the different types of DNS
messages, rather than DNS vs. SNMP vs. RADIUS vs. NetBIOS Name
Service etc.; the DNS dissector doesn't treat each request type as a
different protocol, using "dissector_add()" to register dissectors for
each protocol type.
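
The approach described in the reply above, one dissector that switches on the type field instead of registering each type with "dissector_add()", as an added example that is not part of the original thread and is not Ethereal code. The header layout, type values and function names are assumptions, and the sketch is stand-alone C that does not call Ethereal's dissector API.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout (not from the thread): type(1) | length(2, big-endian) | payload */
enum { HDR_LEN = 3, TYPE_PING = 1, TYPE_DATA = 2 };
enum { OK_PING = 1, OK_DATA = 2, ERR_SHORT = -1, ERR_LEN = -2, ERR_TYPE = -3 };

/* Per-type payload routines: plain functions inside the one dissector, not registered protocols. */
static int dissect_ping(const uint8_t *p, size_t len, char *out, size_t outsz)
{
    if (len != 4)                      /* PING carries exactly a 32-bit sequence number */
        return ERR_LEN;
    uint32_t seq = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
    snprintf(out, outsz, "PING seq=%u", (unsigned)seq);
    return OK_PING;
}

static int dissect_data(const uint8_t *p, size_t len, char *out, size_t outsz)
{
    (void)p;                           /* payload bytes are opaque in this sketch */
    snprintf(out, outsz, "DATA %zu bytes", len);
    return OK_DATA;
}

/* Main dissector: parse the header, validate the declared length, then switch on the type. */
int dissect_msg(const uint8_t *buf, size_t caplen, char *out, size_t outsz)
{
    if (caplen < HDR_LEN)
        return ERR_SHORT;
    uint8_t type = buf[0];
    size_t paylen = ((size_t)buf[1] << 8) | buf[2];
    if (paylen > caplen - HDR_LEN)     /* declared length must fit in the captured bytes */
        return ERR_LEN;
    switch (type) {
    case TYPE_PING: return dissect_ping(buf + HDR_LEN, paylen, out, outsz);
    case TYPE_DATA: return dissect_data(buf + HDR_LEN, paylen, out, outsz);
    default:        return ERR_TYPE;   /* unknown type: report it, do not guess */
    }
}

int main(void)
{
    /* Constructed sample packet: PING, length 4, sequence 7 */
    const uint8_t pkt[] = { TYPE_PING, 0x00, 0x04, 0x00, 0x00, 0x00, 0x07 };
    char line[64];
    int rc = dissect_msg(pkt, sizeof pkt, line, sizeof line);
    printf("%d %s\n", rc, rc > 0 ? line : "(malformed)");
    return 0;
}
```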

Re: How to add a subprotocol?
On Thu, 12 Oct 2000, Guy Harris wrote:

> Your example sounds more like, for example, the different types of DNS
> messages, rather than DNS vs. SNMP vs. RADIUS vs. NetBIOS Name
> Service etc.; the DNS dissector doesn't treat each request type as a
> different protocol, using "dissector_add()" to register dissectors for
> each protocol type.

I'm not sure if I agree with this example. The DNS dissector doesn't
distinguish between different DNS opcodes (query, update, notify) too
well, and thus doesn't properly handle the differences between them. I'm
not suggesting using multiple dissectors for DNS (or in this case), but I
also wouldn't blindly copy the DNS way too much, since it doesn't go far
enough.

Speaking of which, I'm going to attempt a thorough overhaul of the DNS
code next week. We'll see how far I get :)

Brian