Found the presentation, this is fantastic. Thanks!

On Wed, Jan 15, 2020 at 12:58 PM Anders Broman via Wireshark-dev <wireshark-dev@wireshark.org> wrote:

> Hi,
>
> In the frame layer there is the “Encapsulation type” the way the pcap format works this indicates how the data following should be interpreted.
>
> Linktype/encapsulation type is defined at https://www.tcpdump.org/linktypes.html so one thing you could do is to design your own DLT
>
> Add whatever meta data you want and then add the RTPS data at some position in that structure. You can try this out by using the USER DLTs in Wireshark
>
> Or if you do not want to request a DLT from tcpdump ( DO NOT USE ONE WITHOUT ALLOCATING IT) you could use the Exported PDU DLT defined by Wireshark
>
> Epan/exported_pdu.h contains some information. If you would require new elements for meta information that could be discussed. Adding RTSP data in
>
> An exported_pdu DLT frame should be simple as an initial test. I think there is a sharkfest presentation on how to add any protocol data in an exported pdu frame with text2pcap.
>
> Regards
>
> Anders
>
> *From:* Wireshark-dev <wireshark-dev-boun...@wireshark.org> *On Behalf Of* Juanjo Martin Carrascosa
> *Sent:* den 15 januari 2020 12:24
> *To:* Developer support list for Wireshark <wireshark-dev@wireshark.org>
> *Subject:* Re: [Wireshark-dev] Bypassing the first layer
>
> Hi Dario,
>
> Could you elaborate on this? I get the idea but my knowledge about the how is very basic.
>
> How can this help me achieve what I need?
>
> Thanks for the help.
>
> Juanjo Martin
>
> On Tue, Jan 14, 2020 at 4:48 PM Dario Lombardo <lom...@gmail.com> wrote:
>
> You can use export_pdu. This is a layer with multiple attributes (see epan/exported_pdu.h), but the only really needed is the proto_name, that allows you to directly call a dissector by its name.
>
> You will have frames with this stack: FRAME/EXPORT PDU/RTPS, that is properly dissected by wireshark.
>
> On Tue, Jan 14, 2020 at 4:33 PM Juanjo Martin Carrascosa <jua...@rti.com> wrote:
>
> Hi everyone,
>
> RTPS is a protocol already supported by Wireshark. I have been helping maintain that protocol these past years. It sits on top of TCP and UDP, as well as some other transports that are not network ones (Shared Memory typically with a proprietary implementation).
>
> We are currently working on implementing a new logging mechanism for our product, mainly to address the Shared Memory scenario but it can also be really useful when RTPS is used on top of network protocols.
>
> Problem: We can log the RTPS layer but we don't have some information in our middleware like the Frame or Ethernet information, so we need to make it up. This is ugly, so I am trying to avoid that:
>
> How can I register a protocol so it is picked up instead of the Frame layer? This is, I want to create a new protocol that detects that the information we generate is for that protocol and the Frame protocol is not called, but the new protocol I am creating. This new protocol will then call the RTPS protocol to dissect the payload I want to display. We are planning to also add some information to this custom protocol, that's why I want it to be called first.
>
> Note: I just came up with this solution, but if you have a different solution for this, please let me know.
>
> Thanks,
>
> Juanjo Martin
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
>
> --
> Naima is online.
>
> --
> Juanjo Martin
> Principal Application Engineer
> EMEA Services Lead @ Professional Services Group
> Office: +34 958 27 88 62
> jua...@rti.com
> www.rti.com

--
Juanjo Martin
Principal Application Engineer
EMEA Services Lead @ Professional Services Group
Office: +34 958 27 88 62
jua...@rti.com
www.rti.com
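
The Exported PDU approach suggested in this thread, as an added example that is not code from the thread or from Wireshark: it builds a pcap whose link type is the Exported PDU DLT and whose frames carry a proto_name tag followed by the logged payload. The tag and link-type numbers are the ones in epan/exported_pdu.h and the tcpdump link-type list; the dissector name `rtps`, the helper names, the output file name and the sample bytes are assumptions made for the example.

```python
import struct

LINKTYPE_WIRESHARK_UPPER_PDU = 252  # "Exported PDU" link type (tcpdump.org/linktypes.html)
EXP_PDU_TAG_END_OF_OPT = 0          # terminates the tag list (epan/exported_pdu.h)
EXP_PDU_TAG_PROTO_NAME = 12         # value: name of the dissector to call


def exported_pdu_frame(proto_name: str, payload: bytes) -> bytes:
    """Prefix payload with the tag list that tells Wireshark which dissector to call.

    Each tag is: 2-byte type, 2-byte length (both big-endian), then the value.
    """
    name = proto_name.encode("ascii")
    # This example NUL-pads the name to a 4-byte boundary and counts the
    # padding in the length field.
    name += b"\x00" * (-len(name) % 4)
    tags = struct.pack("!HH", EXP_PDU_TAG_PROTO_NAME, len(name)) + name
    tags += struct.pack("!HH", EXP_PDU_TAG_END_OF_OPT, 0)
    return tags + payload


def pcap_file(frames, linktype=LINKTYPE_WIRESHARK_UPPER_PDU, start_ts=0) -> bytes:
    """Serialize frames into a classic little-endian pcap byte string."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, frame in enumerate(frames):
        # Record header: ts_sec, ts_usec, captured length, original length.
        out += struct.pack("<IIII", start_ts + i, 0, len(frame), len(frame))
        out += frame
    return out


# Constructed sample, not a real capture: a bare RTPS header
# (magic, version 2.3, vendor id 0, all-zero 12-byte GUID prefix).
SAMPLE_RTPS = b"RTPS" + bytes([2, 3]) + bytes(2) + bytes(12)

if __name__ == "__main__":
    # "rtps" as the registered dissector name is an assumption of this example.
    data = pcap_file([exported_pdu_frame("rtps", SAMPLE_RTPS)])
    with open("rtps_exported_pdu.pcap", "wb") as fh:  # hypothetical file name
        fh.write(data)
```

Opening the resulting file in Wireshark should show the FRAME/EXPORT PDU/RTPS stack described above, with no Ethernet or IP layer to make up.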