Hi,

On Monday 30 August 2010 at 21:33 +1000, Edwin Groothuis wrote:
> Hello,
>
> I have been fighting with find_conversation(), conversation_new()
> and conversation_set_dissector() to find a way to change the
> TCP payload dissector based on the data in the TCP dissector. All
> coming from sections 2.2, 2.3 and 2.4 of README.developer.
>
> Programming-wise it all works, output-wise it doesn't. And now I'm
> wondering if what I want is possible or not.
>
> Short version: If a certain TCP option exists, then the content of
> the TCP payload is not the "well-known" payload associated with the
> TCP port number. So even if the TCP port number is port 80, it still
> isn't HTTP traffic. How do you know? Because there is a TCP option
> which tells me "this is not HTTP, this is an internal protocol.".
>
> In dissect_tcpopt_ourinternal(), I have the following code. Shouldn't
> be too difficult: Get the dissector handle, find the conversation,
> set the new dissector for that conversation:
>
>     conversation_t *conversation;
>     static dissector_handle_t *ourinternal_handle = NULL;
>
>     /*
>      * We need to map this TCP session on our own dissector instead of what
>      * Wireshark thinks runs on these ports - Edwin
>      */
>     if (ourinternal_handle == NULL) {
>         fprintf(stderr, "Finding ourinternal dissector\n");
>         ourinternal_handle = find_dissector("ourinternal");
>     }
>     if (ourinternal_handle != NULL) {
>         fprintf(stderr, "Setting ourinternal dissector? ");
>         conversation = find_conversation(pinfo->fd->num,
>             &pinfo->src, &pinfo->dst, pinfo->ipproto,

I think pinfo->ipproto isn't the right value, can you try with pinfo->ptype?

Didier
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe