Dissector add conversation with dynamic / ephemeral port

asked 2022-05-09 18:33:09 +0000

Krain21 gravatar image

updated 2022-05-09 22:09:06 +0000

Hello,

I am working on a new dissector for my own protocol. So far it is working well.

However I was not able to successfully use "conversations" with dynamic ports. The protocol first uses a predefined port. Later, when the peer shares his port with the server, I wish to add the second (or possibly third) so that these messages are also dissected. Right now the part where the port changed shows up as "TCP".

I have read the relevant part in README.dissector, but it seems to be outdated. I also tried to look into packet-ftp.c and similar files, but those do not seem to utilize conversations the way I intend to.

The lines I added in the code: //dissector handle declared at start of file

static dissector_handle_t tb_conv_handle;

//in the dissect_message routing where the port is mentioned

    conv_port = tvb_get_ntohs(message_tvb, PEER_PORT_OFFSET);
    conversation_t *conversation = find_conversation(pinfo->num, &pinfo->src, &pinfo->dst, ENDPOINT_TCP, conv_port , conv_port, NO_ADDR2|NO_PORT2);

if(conversation == NULL){
              conversation = conversation_new(pinfo->num, &pinfo->src, &pinfo->dst, ENDPOINT_TCP, conv_port , conv_port, NO_ADDR2|NO_PORT2);
              conversation_set_dissector(conversation, tb_conv_handle);
        }

//in the proto_register_tb routine

tb_conv_handle = create_dissector_handle(dissect_tb_tcp, proto_tb);

Are there any additional steps that I missed? Does anyone happen to know a dissector, where converations are used in a similar way?

edit retag flag offensive close merge delete