Wireshark-dev: [Wireshark-dev] Adding a protocol under ONC-RPC (disregard previous)

From: Andrew Kleinerman <verixnbi@xxxxxxxxx>
Date: Thu, 23 Apr 2009 13:35:32 -0700
Hello,

My current project is integrating a small protocol into Wireshark for
analysis and I feel a little out of my depth.  The protocol is sent
over TCP on a non-standard port and uses the Sun XDR RPC.  I went
through the step-by-step guide of creating a basic dissector, and
Wireshark will recognize it as the new protocol.  However, my problem
is that I cannot call dissect_rpc or dissect_rpc_tcp from my dissector
(I'm assuming for some good reason) to dissect the RPC.  So I'm
guessing I have to make the RPC dissector properly see it on a
different port (is that right?).

I made sure to initialize my protocol as an RPC using:

       rpc_init_prog(proto_foofs, FOO_HEADER, ett_foo_fs);

       /* Register the procedure tables */
       rpc_init_proc_table(FOO_HEADER, FOO_VERSION, foo_proc, hf_foo_proc);

Where

proto_foofs:
    static int proto_foofs = -1;

FOO_HEADER:
    #define FOO_HEADER    0xaa

ett_foo_fs:
     static gint ett_foo_fs = -1;

FOO_VERSION:
    #define FOO_VERSION    1

foo_proc:
     static const vsff foo_proc[] = {
             {0, NULL, dissect_null, dissect_null},
             {1, "OP", dissect_foo, dissect_foo}
     };

Is there something crucial I'm missing here?

I read in the archives
(http://www.ethereal.com/lists/ethereal-dev/199911/msg00094.html) that
it's necessary to make sure the proper header is in COL_PROTOCOL, is
that correct?  As in, the packet is identified as an RPC first and
then the RPC dissector looks to find if the header inside matches any
it knows about?  If so, how do you direct the RPC dissector to look on
a different port, or are packets on all ports heuristically checked
with all dissectors?

Thanks, I'd appreciate any help!

Andrew
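
For reference, where the program, version and procedure numbers sit in a record-marked ONC-RPC call over TCP (layout per RFC 5531). This is an added example, not code from the original post or from Wireshark; `parse_rpc_call`, `struct rpc_call` and the sample bytes are constructed for illustration, using the post's program number 0xaa, version 1 and procedure 1.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RPC_CALL    0u   /* msg_type CALL (RFC 5531) */
#define RPC_VERSION 2u   /* the only defined RPC protocol version */
struct rpc_call { uint32_t frag_len, xid, prog, vers, proc; int last_frag; };

/* Read a big-endian (XDR) 32-bit unsigned integer. */
static uint32_t be32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Parse record mark + call header; 0 on success, -1 if truncated or not an RPCv2 call. */
int parse_rpc_call(const uint8_t *buf, size_t len, struct rpc_call *out)
{
    uint32_t mark;
    if (len < 28)               /* 4 (record mark) + 6 * 4 (call header) */
        return -1;
    mark = be32(buf);
    out->last_frag = (mark & 0x80000000u) != 0;  /* top bit: last fragment */
    out->frag_len  = mark & 0x7fffffffu;         /* low 31 bits: length */
    if (out->frag_len < 24 || out->frag_len > len - 4)
        return -1;              /* fragment too small for header, or truncated */
    out->xid = be32(buf + 4);
    if (be32(buf + 8) != RPC_CALL || be32(buf + 12) != RPC_VERSION)
        return -1;
    out->prog = be32(buf + 16);
    out->vers = be32(buf + 20);
    out->proc = be32(buf + 24);
    return 0;
}

/* Constructed sample: prog 0xaa, vers 1, proc 1, AUTH_NONE credential and verifier. */
static const uint8_t sample_call[] = {
    0x80,0,0,0x28,  0x12,0x34,0x56,0x78,  0,0,0,0,  0,0,0,2,  /* mark, xid, CALL, rpcvers */
    0,0,0,0xaa,     0,0,0,1,              0,0,0,1,            /* prog, vers, proc */
    0,0,0,0, 0,0,0,0,  0,0,0,0, 0,0,0,0                       /* cred, verf (flavor, len) */
};

int main(void)
{
    struct rpc_call c;
    if (parse_rpc_call(sample_call, sizeof sample_call, &c) == 0)
        printf("xid=0x%08x prog=0x%x vers=%u proc=%u\n",
               (unsigned)c.xid, (unsigned)c.prog, (unsigned)c.vers, (unsigned)c.proc);
    return 0;
}
```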