Hi,
Le lundi 30 août 2010 à 21:33 +1000, Edwin Groothuis a écrit :
> Hello,
>
> I have been fighting with find_conversation(), conversation_new()
> and conversation_set_dissector() to find a way to set change the
> TCP payload dissector based on the data in the TCP dissector. All
> coming from section 2.2, 2.3 and 2.4 from README.developer.
>
> Programming-wise it all works, output-wise it doesn't. And now I'm
> wondering if what I want is possible or not.
>
> Short version: If a certain TCP option exist, then the content of
> the TCP payload is not the "well-known" payload associated with the
> TCP port number. So even if the TCP port number is port 80, it still
> isn't HTTP traffic. How do you know? Because there is a TCP option
> which tells me "this is not HTTP, this is an internal protocol.".
>
> In dissect_tcpopt_ourinternal(), I have the following code. Shouldn't
> be too difficult: Get the dissector handle, find the conversation,
> set the new dissector for that conversation:
>
> conversation_t *conversation;
> static dissector_handle_t *ourinternal_handle = NULL;
>
> /*
> * We need to map this TCP session on our own dissector instead of what
> * Wireshark thinks runs on these ports - Edwin
> */
> if (ourinternal_handle == NULL) {
> fprintf(stderr, "Finding ourinternal dissector\n");
> ourinternal_handle = find_dissector("ourinternal");
> }
> if (ourinternal_handle != NULL) {
> fprintf(stderr, "Setting ourinternal dissector? ");
> conversation = find_conversation(pinfo->fd->num,
> &pinfo->src, &pinfo->dst, pinfo->ipproto,
I think pinfo->ipproto isn't the right value, can you try with
pinfo->ptype?
Didier
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
