Vikas Jain wrote:
> The protocol for which I am implementing my dissector has messages both
> that are sent by the client to the server port 50505 and and by the
> server (from port 50505) to the client. The messages are different in
> both the directions and each of these messages has a message_id field as
> the first field whose value is not globally unique. Therefore, it is
> possible for me to get a Message_X (message_id = 1) going to port 50505
> and get a Message_Y (message_id = 1) coming from port 50505. So, in
> order to dissect/parse the messages correctly, I need the sense of
> direction.
Then you look at pinfo->destport.
However, you can use the same dissect_foo() routine to dissect *both*
directions; if the messages have completely different formats, do
static void dissect_foo(tvbuff_t* tvbuf, packet_info* pinfo, proto_tree*
tree)
{
if (pinfo->destport == 50505)
dissect_foo_request(tvbuf, pinfo, tree);
else
dissect_foo_response(tvbuf, pinfo, tree);
}
with separate dissect_foo_request() and dissect_foo_response() routines
in the same file.
> I added the following to the dissect_foo() function yesterday and I
> think this is what Abhik is probably referring to as well:
>
> void dissect_foo(tvbuff_t* tvbuf, packet_info* pinfo, proto_tree* tree)
> {
> if ( (pinfo->ptype != PT_TCP) || (pinfo->destport != 50505) )
> return;
That means that responses won't get dissected at all - and you don't
need to check for PT_TCP, as long as you only register with "tcp.port" -
you won't get called for a UDP or SCTP port
_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev
