
Wireshark-dev: Re: [Wireshark-dev] query regarding handoff function

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 17 Feb 2014 02:44:33 -0800
On Feb 17, 2014, at 12:45 AM, Anders Broman <anders.broman@xxxxxxxxxxxx> wrote:

> On Feb 17, 2014, at 08:29 AM, Rahul Rohit wrote:
> 
>> If the handoff function includes all those protocols to which the packets can be forwarded for dissection from the current protocol, why does the handoff function for SCTP not contain the handle of the NBAP protocol? (Depending on the port value, the packets from SCTP can be forwarded to the NBAP protocol, so why is the NBAP handle not in the SCTP handoff function?)
>  
> Because that’s not the way it works :-)
>  
> proto_reg_handoff_sctp()
>  
> Is called so the SCTP dissector can do its own registrations.
>  
> In void proto_register_sctp(void)
>  
>  
> The SCTP dissector registers two dissector tables.
> sctp_port_dissector_table = register_dissector_table("sctp.port", "SCTP port", FT_UINT16, BASE_DEC);
> sctp_ppi_dissector_table  = register_dissector_table("sctp.ppi",  "SCTP payload protocol identifier", FT_UINT32, BASE_HEX);
>  
> Any dissector wanting to be called from the SCTP dissector needs to register in those tables in its own handoff routine. 

I.e., if protocol X has a payload that could be protocol Y, or Z, or W, depending on some value known to protocol X, it is not the responsibility of the dissector for protocol X to know about protocols Y, Z, and W, it's the responsibility of the dissectors for protocols Y, Z, and W to know about protocol X and the appropriate values.

Therefore, the SCTP dissector doesn't need to know about the protocols that run on top of it; those protocols need to know about the SCTP port and PPI fields and the values that their protocols use.

That way, when a dissector for a new protocol is added, you don't have to change the dissector for the protocols atop which that protocol runs, you only have to add the new dissector.  For example, if some protocol uses the Ethernet type 0xDEAD, you can add a dissector for that protocol without having to modify the "Ethertype" dissector; you just have that dissector register its handle in the "ethertype" dissector table, with the value 0xDEAD.
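
The registration pattern described in this message, as an added example that is not part of the original message and is not Wireshark's code: a simplified, self-contained C model of a dissector table. The table type, `table_add_uint`, `dissect_ethertype`, the `newproto` protocol and the frame layout (a 2-byte type field followed by payload) are assumptions made for illustration; only the Ethernet type value 0xDEAD and the `proto_reg_handoff_` naming come from the thread.

```c
#include <stdint.h>
#include <stddef.h>

/* Simplified model of a dissector table; hypothetical names, not epan code. */
enum proto { PROTO_MALFORMED, PROTO_DATA, PROTO_NEWPROTO };
typedef enum proto (*dissector_fn)(const uint8_t *payload, size_t len);

#define MAX_ENTRIES 16
struct table_entry { uint32_t value; dissector_fn fn; };
struct dissector_table { struct table_entry e[MAX_ENTRIES]; size_t n; };

/* The parent ("ethertype") owns the table but names no child protocol. */
static struct dissector_table ethertype_table;

/* Called by child dissectors from their own handoff routines. */
int table_add_uint(struct dissector_table *t, uint32_t value, dissector_fn fn)
{
    if (t->n == MAX_ENTRIES)
        return -1;                       /* table full */
    t->e[t->n].value = value;
    t->e[t->n].fn = fn;
    t->n++;
    return 0;
}

/* Parent side: read the type field, look it up, hand off the payload. */
enum proto dissect_ethertype(const uint8_t *frame, size_t len)
{
    if (len < 2)
        return PROTO_MALFORMED;          /* too short to hold a type field */
    uint32_t type = ((uint32_t)frame[0] << 8) | frame[1];
    for (size_t i = 0; i < ethertype_table.n; i++)
        if (ethertype_table.e[i].value == type)
            return ethertype_table.e[i].fn(frame + 2, len - 2);
    return PROTO_DATA;                   /* no registrant: generic data */
}

/* Child side: a hypothetical protocol carried in Ethernet type 0xDEAD. */
static enum proto dissect_newproto(const uint8_t *payload, size_t len)
{
    (void)payload; (void)len;            /* payload parsing omitted */
    return PROTO_NEWPROTO;
}

/* The child's handoff registers itself; the parent code is never edited. */
void proto_reg_handoff_newproto(void)
{
    table_add_uint(&ethertype_table, 0xDEAD, dissect_newproto);
}
```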