This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi,

I work on a dissector which decode a UDP based protocol. For each UDP packets I have a moludp64 packet which can contain one or more message blocks. Each message block is encode in another protocol, and I will implement these others protocols. What is the best way to make this happen? Is it my moludp64 dissector which must be calling the others dissectors?

Thanks for you help

asked 22 Mar '11, 03:23

chronidev's gravatar image

chronidev
11557
accept rate: 0%

edited 22 Mar '11, 07:05

Jaap's gravatar image

Jaap ♦
11.7k16101


The best way is to create a subdissector table. This table can be indexed by a number or string, and can be used by you moludp64 dissector to call subdissectors. These subdissectors have to register themselves with this table, for a particular number or string in order to get called.

This is a basic de-multiplexing schema used at all (transport) protocol layers. For instance the same happens from the IP dissector to the UDP, TCP, SCTP dissector, based on protocol ID. And from TCP dissector to the HTTP, TELNET, FTP dissector, based on port number. Have a look at packet-udp.c for example.

permanent link

answered 22 Mar '11, 07:12

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Thank you Jaap, it's very interresting.

(22 Mar '11, 16:33) chronidev
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×637
×158
×20

question asked: 22 Mar '11, 03:23

question was seen: 4,381 times

last updated: 22 Mar '11, 16:33

p​o​w​e​r​e​d by O​S​Q​A