
Wireshark-dev: Re: [Wireshark-dev] [Patch] update to packet-newmail.c



From: LEGO <luis.ontanon@xxxxxxxxx>
Date: Tue, 3 Oct 2006 19:40:27 +0100

Is it ok to have the preference and register a port (once).

What can cause problems is to register a port instead of creating a
conversation; think of what would happen if it starts to use ports
used by other protocols.

On 10/3/06, Stephen Fisher <stephentfisher@xxxxxxxxx> wrote:
On Wed, Oct 04, 2006 at 01:54:41AM +1000, ronnie sahlberg wrote:

> Since this uses an ephemeral port number which changes between runs, you
> should not register the dissector to the port itself.
>
> Much better is, once you have detected that port A on host B uses
> that protocol, to create a conversation for host B port A and register
> the dissector for that particular protocol.
>
> You can see examples of how this is done in (I think) the dissector
> for portmapper.

There are a couple reasons the dissector itself registers a port.  The
first is that the decode as option doesn't appear to work until it has
registered itself on a port (such as 0).  The second is that there is a
preference setting to always dissect a certain port's traffic as newmail
because you can modify the client's registry to always use the same port
number.  This feature is often used in firewalled environments so all
clients use the same port number every time.  This setting avoids the
need to see the mapi register push notification packet if the port will
always be the same.  I'm open to any ideas on a better way to accomplish
this.


Thanks,
  Steve
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev



--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
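
The difference between the two approaches discussed in this thread, as an added example that is not part of the original messages and is not Wireshark's code: a simplified C model of dissector selection in which a conversation binding for one host and port is consulted before a global port table. All function names, the lookup model, and the addresses and port in `main` are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model with hypothetical names; this is not Wireshark's epan API. */
typedef struct { uint32_t host; uint16_t port; const char *proto; } conv_t;

#define MAX_CONV 16
static const char *port_table[65536]; /* global: port -> dissector name */
static conv_t conv_table[MAX_CONV];   /* scoped: (host, port) -> dissector name */
static size_t n_conv;

void reset_tables(void) { memset(port_table, 0, sizeof port_table); n_conv = 0; }

/* Global registration: every endpoint using this port gets the dissector. */
void register_port(uint16_t port, const char *proto) { port_table[port] = proto; }

/* Conversation binding: only this host/port pair gets the dissector. */
int bind_conversation(uint32_t host, uint16_t port, const char *proto) {
    if (n_conv == MAX_CONV) return -1;
    conv_table[n_conv++] = (conv_t){ host, port, proto };
    return 0;
}

/* Lookup order in this model: conversation binding, then port table, else raw data. */
const char *pick_dissector(uint32_t dst_host, uint16_t dst_port) {
    for (size_t i = 0; i < n_conv; i++)
        if (conv_table[i].host == dst_host && conv_table[i].port == dst_port)
            return conv_table[i].proto;
    return port_table[dst_port] ? port_table[dst_port] : "data";
}

int main(void) {
    /* Constructed sample: host B announced ephemeral port 1034 for newmail;
       host C happens to use port 1034 for an unrelated protocol. */
    const uint32_t host_b = 0x0A000005, host_c = 0x0A000009;

    reset_tables();
    register_port(1034, "newmail");                  /* port-wide registration */
    printf("port table:   B=%s C=%s\n",
           pick_dissector(host_b, 1034), pick_dissector(host_c, 1034));

    reset_tables();
    bind_conversation(host_b, 1034, "newmail");      /* scoped to host B only */
    printf("conversation: B=%s C=%s\n",
           pick_dissector(host_b, 1034), pick_dissector(host_c, 1034));
    return 0;
}
```

In this model the port-wide registration labels host C's unrelated traffic as newmail, while the conversation binding leaves it as plain data; a fixed port set through a preference corresponds to the single `register_port` call.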
