
Wireshark-dev: Re: [Wireshark-dev] Unable to add my dissector for tcp.dstport

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 11 Jan 2008 23:57:59 -0800
Vikas Jain wrote:

The protocol for which I am implementing my dissector has messages that are sent both by the client to the server port 50505 and by the server (from port 50505) to the client. The messages are different in both the directions and each of these messages has a message_id field as the first field whose value is not globally unique. Therefore, it is possible for me to get a Message_X (message_id = 1) going to port 50505 and get a Message_Y (message_id = 1) coming from port 50505. So, in order to dissect/parse the messages correctly, I need the sense of direction.

Then you look at pinfo->destport.

However, you can use the same dissect_foo() routine to dissect *both* directions; if the messages have completely different formats, do

static void dissect_foo(tvbuff_t* tvbuf, packet_info* pinfo, proto_tree* tree)
{
    if (pinfo->destport == 50505)
        dissect_foo_request(tvbuf, pinfo, tree);
    else
        dissect_foo_response(tvbuf, pinfo, tree);
}

with separate dissect_foo_request() and dissect_foo_response() routines in the same file.

I added the following to the dissect_foo() function yesterday and I think this is what Abhik is probably referring to as well:

void dissect_foo(tvbuff_t* tvbuf, packet_info* pinfo, proto_tree* tree)
{
    if ( (pinfo->ptype != PT_TCP) || (pinfo->destport != 50505) )
       return;

That means that responses won't get dissected at all - and you don't need to check for PT_TCP, as long as you only register with "tcp.port" - you won't get called for a UDP or SCTP port.
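
Added example, not part of the original message and not Wireshark code: a stand-alone C model of the direction check discussed above, showing the same message_id resolving to Message_X or Message_Y depending on which side port 50505 is on. `pkt_info`, the `foo_*` names and the one-byte message_id at offset 0 are assumptions made for illustration; unlike the two-way `if`/`else` above, it also reports traffic where neither port is 50505 and rejects an empty buffer before reading the id.

```c
/* Stand-alone model of direction-based dispatch (added illustration).
 * pkt_info is a hypothetical stand-in for Wireshark's packet_info;
 * only the srcport/destport fields used in the thread are modelled. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FOO_SERVER_PORT 50505u   /* server port given in the thread */

typedef struct { uint32_t srcport, destport; } pkt_info;  /* stand-in type */

typedef enum { FOO_DIR_REQUEST, FOO_DIR_RESPONSE, FOO_DIR_UNKNOWN } foo_dir;

/* Direction is derived from the ports, never from the message contents. */
static foo_dir foo_direction(const pkt_info *pinfo)
{
    if (pinfo->destport == FOO_SERVER_PORT)
        return FOO_DIR_REQUEST;
    if (pinfo->srcport == FOO_SERVER_PORT)
        return FOO_DIR_RESPONSE;
    return FOO_DIR_UNKNOWN;
}

/* Same message_id, different meaning per direction (names from the thread). */
static const char *foo_request_name(uint8_t id)  { return id == 1 ? "Message_X" : "unknown request"; }
static const char *foo_response_name(uint8_t id) { return id == 1 ? "Message_Y" : "unknown response"; }

/* Assumption: message_id is one byte at offset 0 (the thread only says it
 * is the first field). Returns NULL when the buffer is too short to read. */
static const char *foo_classify(const pkt_info *pinfo, const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 1)
        return NULL;
    switch (foo_direction(pinfo)) {
    case FOO_DIR_REQUEST:  return foo_request_name(buf[0]);
    case FOO_DIR_RESPONSE: return foo_response_name(buf[0]);
    default:               return "not foo traffic";
    }
}

int main(void)
{
    const uint8_t payload[] = { 0x01 };       /* constructed sample: message_id = 1 */
    pkt_info to_server   = { 40000, 50505 };  /* constructed client port 40000 */
    pkt_info from_server = { 50505, 40000 };
    printf("%s\n", foo_classify(&to_server, payload, sizeof payload));
    printf("%s\n", foo_classify(&from_server, payload, sizeof payload));
    return 0;
}
```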