Hi,
I have two dissectors specified in different files. One TCP and the other UDP. The protocols I am dissecting both use the same magic, in TCP or in UDP. When opening a cap, during packet dissection it seems both dissectors are called on a UDP packet. In the output I get informations from the UDP dissector....and the TCP dissector.
How is that possible ? Each dissector is registered using the correct udp.port or tcp.port table. How can a dissector be triggered on a packet type it's not registered for ?
Stripped/Simplified code :
DISSECTOR_A = Proto ("DISSECTOR_A", "A udp Protocol")
-- register to handle udp port range
local function register_udp_port_range(start_port, end_port)
if not start_port or start_port <= 0 or not end_port or end_port <= 0 then
return
end
udp_port_table = DissectorTable.get("udp.port")
for port = start_port,end_port do
udp_port_table:add(port,DISSECTOR_A)
end
end
register_udp_port_range(7400,65000)
function DISSECTOR_A.dissector (buffer, pinfo, tree)
subtree = tree:add (DISSECTOR_A, buffer())
-- Modify columns
pinfo.cols.protocol = DISSECTOR_A.name
pinfo.cols.info = "PROTOCOL A"
dissection etc etc
end
function DISSECTOR_A.init ()
packet_counter = 0
end
Other dissector :
DISSECTOR_B = Proto ("DISSECTOR_B", "B tcp Protocol")
– register to handle tcp port range
local function register_tcp_port_range(start_port, end_port)
if not start_port or start_port <= 0 or not end_port or end_port <= 0 then
return
end
tcp_port_table = DissectorTable.get("tcp.port")
for port = start_port,end_port do
tcp_port_table:add(port,DISSECTOR_B)
end
end
register_tcp_port_range(7400,65000)
function DISSECTOR_B.dissector (buffer, pinfo, tree)
subtree = tree:add (DISSECTOR_B, buffer())
– Modify columns
pinfo.cols.protocol = DISSECTOR_B.name
pinfo.cols.info = "PROTOCOL B"
end
function DISSECTOR_B.init ()
packet_counter = 0
end
Thanks
asked 02 Jan ‘14, 03:54
lepolac
16●4●4●6
accept rate: 0%
