Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] how to register the dissector

From: "Vladimir Zherdenovsky" <Vladimir.Zherdenovsky@xxxxxxxxxxxxxx>
Date: Fri, 2 Feb 2007 16:56:56 +0200
Title: Re: [Wireshark-dev] about udp dissector

Hi

I have FOO protocol which registered as "udp.port" == 333 for example.

I want to write GOO protocol which should be registered as "foo.num" == 444.

I had add register_dissector_table("foo.num", "FOO NUMBER", FT_UINT16, BASE_DEC); to proto_register_m2ou function, but it doesn't help - goo dissector doesn't accessed.

What is missing?

 

Thanks,

Vladimir

 

 


From: ronnie sahlberg [mailto:ronniesahlberg@xxxxxxxxx]
Sent: Fri 2/2/2007 10:50 AM
To: Developer support list for Wireshark
Cc: Vladimir Zherdenovsky
Subject: Re: [Wireshark-dev] about udp dissector

It was a technique we used previously to rotate between different
buffers without having to use g_malloc/g_free buffers.
Since there might be multiple UDP layers within one and the same
packet (UDP over UDP) we used this as a cheap method to make sure that
two or more consecutive calls to the UDP dissector would use different
buffers.

I have changed the udp dissector now to use the "modern" way to manage
short lived buffers that need not be explicitely freed using
ep_alloc() instead.





On 2/2/07, Vladimir Zherdenovsky <Vladimir.Zherdenovsky@xxxxxxxxxxxxxx> wrote:
> Hello,
>
>
>
> I just want to understand how the udp dissector works and have
> misunderstanding of following codes lines:
>
>
>
>   static e_udphdr udphstruct[4], *udph;
>   static int udph_count=0;
>
>   udph_count++;
>   if(udph_count>=4){
>      udph_count=0;
>   }
>   udph=&udphstruct[udph_count];
>
>
>
> Could anybody explain why 4 and how it works?
>
> Thanks,
>
> vladimir
>
>
>
>