Wireshark-dev: Re: [Wireshark-dev] Unable to add my dissector for tcp.dstport
From: Guy Harris <[email protected]>
Date: Fri, 11 Jan 2008 23:57:59 -0800
Vikas Jain wrote:

The protocol for which I am implementing my dissector has messages both that are sent by the client to the server port 50505 and and by the server (from port 50505) to the client. The messages are different in both the directions and each of these messages has a message_id field as the first field whose value is not globally unique. Therefore, it is possible for me to get a Message_X (message_id = 1) going to port 50505 and get a Message_Y (message_id = 1) coming from port 50505. So, in order to dissect/parse the messages correctly, I need the sense of direction.
Then you look at pinfo->destport.

However, you can use the same dissect_foo() routine to dissect *both* directions; if the messages have completely different formats, do
static void dissect_foo(tvbuff_t* tvbuf, packet_info* pinfo, proto_tree* 
tree)
{
    if (pinfo->destport == 50505)
	dissect_foo_request(tvbuf, pinfo, tree);
    else
	dissect_foo_response(tvbuf, pinfo, tree);
}

with separate dissect_foo_request() and dissect_foo_response() routines in the same file.
I added the following to the dissect_foo() function yesterday and I think this is what Abhik is probably referring to as well:
void dissect_foo(tvbuff_t* tvbuf, packet_info* pinfo, proto_tree* tree)
{
    if ( (pinfo->ptype != PT_TCP) || (pinfo->destport != 50505) )
       return;
That means that responses won't get dissected at all - and you don't 
need to check for PT_TCP, as long as you only register with "tcp.port" - 
you won't get called for a UDP or SCTP port