To me, it makes more sense to separate them into two different dissectors, but I think a conversation is overkill in this case, so I'll present you with a possible third option, and that is to pass whatever information you need from the DDP header in the pinfo->private_data to the RDMA dissector.
There are many examples of various dissectors using the private_data pointer, which is documented in epan/packet_info.h. - Chris -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yves Geissbuehler Sent: Friday, September 21, 2007 4:59 AM To: Developer support list for Wireshark Subject: [Wireshark-dev] Design Question: more than one protocol perdissector Hi all. I face the situation where two protocols (RDMA on top of DDP) are not always truly two protocols with respect to the protocol headers. RDMA generally uses some parts to of DDP's header fields to represent RDMA messages. But for two of the RDMA messages, RDMA also adds its own header to the DDP header (see also figure). case 1: RDMA uses the DDP header: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TCP | MPA | DDP | payload | MPA _PADDING | MAP_CRC | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ case 2: RDMA adds its own header: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TCP | MPA | DDP | RDMA | payload | MPA _PADDING | MAP_CRC | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ I see two possibilities to implement this in wireshark: option 1: Use one dissector for both, DDP and RDMA Well, I just put both protocols in one dissector and dissect RDMA header on a per need basis by adding a RDMA subtree to the DDP protocol tree. option 2: Use one dissector for each of the two protocols Since RDMA relies in some cases on the information of the DDP header I would create a 'conversation' for the DDP traffic and attach to it the DDP header information as a data struct. In the RDMA dissector I would get the DDP conversation and retrieve the DDP information that I attached to it previously. Based on this data I would identify what kind of RDMA message it is and dissect the RDMA header if there is any. I would like to ask, if there are any implications or potential issues regarding these two options? Would you accept both options for your wireshark repository? Thanx - Yves _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev ----------------------------------------- This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, retention, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. Also, email is susceptible to data corruption, interception, tampering, unauthorized amendment and viruses. We only send and receive emails on the basis that we are not liable for any such corruption, interception, tampering, amendment or viruses or any consequence thereof. _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
