Hello,
I am currently writing a dissector plugin for my company’s custom protocol. I
have recently run into trouble with TCP separating the packet information. I
came across this
http://www.wireshark.org/lists/wireshark-dev/200607/msg00112.html and was
wondering if someone could clear a few things up for me since I am confused as
to how to implement it within my dissector. I took a look at packet-tcp as well
as gryphon for an example but I am still a bit confused. Here’s some background
on the protocol:
There are 3 headers
BNP: uses one byte to tell if the message is a heartbeat, data, multi message start,
multi message middle, or multi message end, and 2 bytes for the count of the data.
Message: 1 or 2 bytes after the BNP header. There is only 1 message per BNP.
SubMessages: 1 or 2 bytes for ID, 1 byte for cluster, 1 or 2 bytes for data
count. There are many submessages under a Message.
In a packet, there can be many BNP messages (1 BNP message carries 1 Message
which has many subMessages). In wireshark I want it to look like this
Protocol Name
    BNP Type
        Message Name
            Sub message
            Sub message
(hope that came out ok)
What I have done for my dissector is to create a method that takes a whole BNP
and sends it to a function that decides which type it is ( a switch statement )
and then sends it to another function to dissect it and output it. So first
off, I’m confused as to where to put tcp_dissect_pdus(), if that’s even what I
should use. I’m also confused at the Boolean and what true and false mean for
it / where to change them. I’m also running into problems with my multi
messages. How they work is that when it’s a multi message start, it has a BNP
header, a Message header, and then goes into complete Submessage information.
If it is a multi message middle, it has a BNP header, then goes into complete
multi message information. If it is a multi message end, it has a BNP header,
message header, and complete Submessage information. What I want to do is to
take the whole message start buffer and save it somehow, then append on just
the submessage part of the middle and end, then send it to be dissected. I’m
not sure how I am able to save the buffer or to append it like this. The
reassembling of data is a little confusing to me. If you could provide any help
it would be great. I also read something about "conversations" and was
wondering if someone could explain / point me to where a document has this
explained?
Thank you for your time,
Greg
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
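The two mechanisms the post asks about, the PDU-length callback contract of tcp_dissect_pdus() and saving the multi-message start buffer so the middle/end submessages can be appended before dissection, are shown below as an added, self-contained C model. This is example code written for this page, not the poster's dissector and not Wireshark's implementation: it uses no Wireshark headers, so it can be compiled on its own. The BNP type codes, the fixed 2-byte Message header, the 2-byte submessage ID and 2-byte data count, big-endian byte order, and a count field that excludes the 3-byte BNP header are all assumptions made for the example (the post leaves them open), and the sample stream is constructed, not captured. In a real dissector the `feed_segment()` loop is what tcp_dissect_pdus() does for you when its boolean desegmentation argument is TRUE (it returns and waits for more bytes instead of dissecting a partial PDU), `bnp_pdu_len()` plays the role of the get_pdu_len callback, and `dissect_bnp_pdu()` the dissect_pdu callback; the reassembly buffer would live in per-conversation state rather than in a local struct.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical BNP type codes; the post names the five types but not their values. */
enum { BNP_HEARTBEAT = 0, BNP_DATA = 1, BNP_MULTI_START = 2, BNP_MULTI_MIDDLE = 3, BNP_MULTI_END = 4 };

#define BNP_HDR_LEN 3   /* 1-byte type + 2-byte count; count assumed big-endian, excluding this header */
#define MSG_HDR_LEN 2   /* assumed fixed 2-byte Message header */
#define SUB_HDR_LEN 5   /* assumed: 2-byte ID, 1-byte cluster, 2-byte data count */
#define BUF_MAX 4096

typedef struct {
    uint8_t stream[BUF_MAX]; size_t stream_len;  /* TCP bytes not yet consumed as a whole PDU */
    uint8_t reasm[BUF_MAX];  size_t reasm_len;   /* Message header + submessages gathered across a multi-message */
    int multi_in_progress;
    int pdus, heartbeats, messages, last_submsgs; /* counters a real dissector would turn into tree items */
} bnp_ctx;

/* Same contract as the get_pdu_len callback of tcp_dissect_pdus(): read the fixed-size
   header and return the full PDU length. Returns 0 when the header itself is incomplete. */
static size_t bnp_pdu_len(const uint8_t *buf, size_t avail) {
    if (avail < BNP_HDR_LEN) return 0;
    return BNP_HDR_LEN + (((size_t)buf[1] << 8) | buf[2]);
}

/* Walk one complete Message (header + submessages). Returns the submessage count or -1 if malformed. */
static int dissect_message(const uint8_t *m, size_t len) {
    if (len < MSG_HDR_LEN) return -1;
    size_t off = MSG_HDR_LEN; int n = 0;
    while (off < len) {
        if (len - off < SUB_HDR_LEN) return -1;
        size_t data = ((size_t)m[off + 3] << 8) | m[off + 4];
        if (len - off - SUB_HDR_LEN < data) return -1;    /* data count runs past the buffer */
        off += SUB_HDR_LEN + data; n++;
    }
    return n;
}

static int reasm_append(bnp_ctx *c, const uint8_t *p, size_t n) {
    if (BUF_MAX - c->reasm_len < n) return -1;            /* refuse to overflow on a hostile count */
    memcpy(c->reasm + c->reasm_len, p, n); c->reasm_len += n; return 0;
}

/* Called once per complete BNP PDU, as the dissect_pdu callback would be. */
static void dissect_bnp_pdu(bnp_ctx *c, const uint8_t *pdu, size_t len) {
    const uint8_t *payload = pdu + BNP_HDR_LEN; size_t plen = len - BNP_HDR_LEN;
    c->pdus++;
    switch (pdu[0]) {
    case BNP_HEARTBEAT: c->heartbeats++; break;
    case BNP_DATA: c->last_submsgs = dissect_message(payload, plen); c->messages++; break;
    case BNP_MULTI_START:                    /* payload: Message header + submessages; save it */
        c->reasm_len = 0; c->multi_in_progress = (reasm_append(c, payload, plen) == 0); break;
    case BNP_MULTI_MIDDLE:                   /* payload: submessages only; append */
        if (c->multi_in_progress && reasm_append(c, payload, plen) != 0) c->multi_in_progress = 0; break;
    case BNP_MULTI_END:                      /* payload: Message header (skipped) + submessages; append, then dissect */
        if (c->multi_in_progress && plen >= MSG_HDR_LEN &&
            reasm_append(c, payload + MSG_HDR_LEN, plen - MSG_HDR_LEN) == 0) {
            c->last_submsgs = dissect_message(c->reasm, c->reasm_len); c->messages++;
        }
        c->multi_in_progress = 0; break;
    default: break;                          /* unknown type: a real dissector would add an expert item */
    }
}

/* Feed one TCP segment. This is the loop tcp_dissect_pdus() runs: buffer until a whole PDU is
   present, hand it over, repeat; a trailing partial PDU waits for the next segment. */
static int feed_segment(bnp_ctx *c, const uint8_t *seg, size_t n) {
    if (BUF_MAX - c->stream_len < n) return -1;
    memcpy(c->stream + c->stream_len, seg, n); c->stream_len += n;
    size_t off = 0;
    for (;;) {
        size_t need = bnp_pdu_len(c->stream + off, c->stream_len - off);
        if (need == 0 || c->stream_len - off < need) break;   /* desegment: wait for more bytes */
        dissect_bnp_pdu(c, c->stream + off, need); off += need;
    }
    memmove(c->stream, c->stream + off, c->stream_len - off); c->stream_len -= off;
    return 0;
}

/* Constructed sample traffic for the example (not a capture). */
static size_t put_bnp(uint8_t *out, uint8_t type, const uint8_t *payload, size_t plen) {
    out[0] = type; out[1] = (uint8_t)(plen >> 8); out[2] = (uint8_t)plen;
    if (plen) memcpy(out + BNP_HDR_LEN, payload, plen);
    return BNP_HDR_LEN + plen;
}

bnp_ctx run_demo(void) {
    static const uint8_t sub_a[] = {0x00,0x01, 0x07, 0x00,0x02, 0xAA,0xBB}; /* ID 1, cluster 7, 2 data bytes */
    static const uint8_t sub_b[] = {0x00,0x02, 0x07, 0x00,0x00};            /* ID 2, cluster 7, no data */
    static const uint8_t hdr[]   = {0x10,0x20};                             /* assumed Message header */
    uint8_t pl[32], stream[128]; size_t n, s = 0;
    s += put_bnp(stream + s, BNP_HEARTBEAT, NULL, 0);
    n = 0; memcpy(pl, hdr, 2); n += 2; memcpy(pl + n, sub_a, sizeof sub_a); n += sizeof sub_a;
    memcpy(pl + n, sub_b, sizeof sub_b); n += sizeof sub_b;
    s += put_bnp(stream + s, BNP_DATA, pl, n);                 /* one Message carrying two submessages */
    n = 0; memcpy(pl, hdr, 2); n += 2; memcpy(pl + n, sub_a, sizeof sub_a); n += sizeof sub_a;
    s += put_bnp(stream + s, BNP_MULTI_START, pl, n);          /* Message header + first submessage */
    s += put_bnp(stream + s, BNP_MULTI_MIDDLE, sub_b, sizeof sub_b); /* submessage only */
    s += put_bnp(stream + s, BNP_MULTI_END, pl, n);            /* Message header again + last submessage */
    bnp_ctx c; memset(&c, 0, sizeof c);
    /* Deliver the 52-byte stream as three TCP segments cut inside a BNP header and inside a payload. */
    feed_segment(&c, stream, 5); feed_segment(&c, stream + 5, 20); feed_segment(&c, stream + 25, s - 25);
    return c;
}

int main(void) {
    bnp_ctx c = run_demo();
    printf("PDUs=%d heartbeats=%d messages=%d submessages in reassembled message=%d\n",
           c.pdus, c.heartbeats, c.messages, c.last_submsgs);
    return 0;
}
```

The second and third segments each start mid-PDU, which is exactly the case the poster hit; because `feed_segment()` stops as soon as `bnp_pdu_len()` reports more bytes than it holds, nothing is dissected until the PDU is whole, and the reassembled multi-message ends up as one 21-byte buffer (Message header, then the submessages from start, middle and end) that the ordinary Message walker handles unchanged. Every length read from the wire is checked against the bytes actually present before it is used, which is the habit to keep when the same logic is moved onto tvbuffs in the real plugin.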