I don't think this is what Anders was talking about. This is about extcap, while I was referring to export_pdu. If you or Anders can reference the right one, that would be great. If you want to have a look at something using export_pdu creating a pcap file, have a look at the udpdump.c code.

On Wed, Jan 15, 2020 at 2:37 PM Juanjo Martin Carrascosa <jua...@rti.com> wrote:
> https://sharkfestus.wireshark.org/assets/presentations18/17.pptx
>
> On Wed, Jan 15, 2020 at 2:36 PM Dario Lombardo <lom...@gmail.com> wrote:
>
>> Can you share the link, for future reference?
>>
>> On Wed, Jan 15, 2020 at 2:15 PM Juanjo Martin Carrascosa <jua...@rti.com> wrote:
>>
>>> Found the presentation, this is fantastic.
>>>
>>> Thanks!
>>>
>>> On Wed, Jan 15, 2020 at 12:58 PM Anders Broman via Wireshark-dev <wireshark-dev@wireshark.org> wrote:
>>>
>>>> Hi,
>>>>
>>>> In the frame layer there is the “Encapsulation type” the way the pcap format works this indicates how the data following should be interpreted.
>>>>
>>>> Linktype/encapsulation type is defined at https://www.tcpdump.org/linktypes.html so one thing you could do is to design your own DLT
>>>>
>>>> Add whatever meta data you want and then add the RTPS data at some position in that structure. You can try this out by using the USER DLTs in Wireshark
>>>>
>>>> Or if you do not want to request a DLT from tcpdump ( DO NOT USE ONE WITHOUT ALLOCATING IT) you could use the Exported PDU DLT defined by Wireshark
>>>>
>>>> Epan/exported_pdu.h contains some information. If you would require new elements for meta information that could be discussed. Adding RTSP data in an exported_pdu DLT frame should be simple as an initial test. I think there is a sharkfest presentation on how to add any protocol data in an exported pdu frame with text2pcap.
>>>>
>>>> Regards
>>>>
>>>> Anders
>>>>
>>>> *From:* Wireshark-dev <wireshark-dev-boun...@wireshark.org> *On Behalf Of *Juanjo Martin Carrascosa
>>>> *Sent:* den 15 januari 2020 12:24
>>>> *To:* Developer support list for Wireshark <wireshark-dev@wireshark.org>
>>>> *Subject:* Re: [Wireshark-dev] Bypassing the first layer
>>>>
>>>> Hi Dario,
>>>>
>>>> Could you elaborate on this? I get the idea but my knowledge about the how is very basic.
>>>>
>>>> How can this help me achieve what I need?
>>>>
>>>> Thanks for the help.
>>>>
>>>> Juanjo Martin
>>>>
>>>> On Tue, Jan 14, 2020 at 4:48 PM Dario Lombardo <lom...@gmail.com> wrote:
>>>>
>>>> You can use export_pdu. This is a layer with multiple attributes (see epan/exported_pdu.h), but the only really needed is the proto_name, that allows you to directly call a dissector by its name.
>>>>
>>>> You will have frames with this stack: FRAME/EXPORT PDU/RTPS, that is properly dissected by wireshark.
>>>>
>>>> On Tue, Jan 14, 2020 at 4:33 PM Juanjo Martin Carrascosa <jua...@rti.com> wrote:
>>>>
>>>> Hi everyone,
>>>>
>>>> RTPS is a protocol already supported by Wireshark. I have been helping maintain that protocol these past years. It sits on top of TCP and UDP, as well as some other transports that are not network ones (Shared Memory typically with a proprietary implementation).
>>>>
>>>> We are currently working on implementing a new logging mechanism for our product, mainly to address the Shared Memory scenario but it can also be really useful when RTPS is used on top of network protocols.
>>>>
>>>> Problem: We can log the RTPS layer but we don't have some information in our middleware like the Frame or Ethernet information, so we need to make it up. This is ugly, so I am trying to avoid that:
>>>>
>>>> How can I register a protocol so it is picked up instead of the Frame layer? This is, I want to create a new protocol that detects that the information we generate is for that protocol and the Frame protocol is not called, but the new protocol I am creating. This new protocol will then call the RTPS protocol to dissect the payload I want to display. We are planning to also add some information to this custom protocol, that's why I want it to be called first.
>>>>
>>>> Note: I just came up with this solution, but if you have a different solution for this, please let me know.
>>>>
>>>> Thanks,
>>>>
>>>> Juanjo Martin
>>>>
>>>> ___________________________________________________________________________
>>>> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
>>>> Archives: https://www.wireshark.org/lists/wireshark-dev
>>>> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>>>> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
>>>>
>>>> --
>>>> Naima is online.
>>>>
>>>> --
>>>> Juanjo Martin
>>>> Principal Application Engineer
>>>> EMEA Services Lead @ Professional Services Group
>>>> Office: +34 958 27 88 62
>>>> jua...@rti.com
>>>> www.rti.com

--
Naima is online.
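
The frame layout discussed in this thread (an Exported PDU header carrying only the proto_name tag, followed by the RTPS bytes), as an added example that is not code from the thread or from Wireshark. The tag numbers are the ones in epan/exported_pdu.h and the link type is LINKTYPE_WIRESHARK_UPPER_PDU from the tcpdump link-type list; the dissector name "rtps", the output file name and the sample payload are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define LINKTYPE_WIRESHARK_UPPER_PDU 252 /* tcpdump.org/linktypes.html */
#define EXP_PDU_TAG_END_OF_OPT 0         /* epan/exported_pdu.h */
#define EXP_PDU_TAG_PROTO_NAME 12        /* epan/exported_pdu.h */

/* Constructed sample: "RTPS", version 2.3, vendor id, 12-byte GUID prefix. */
static const uint8_t SAMPLE_RTPS[20] = { 'R','T','P','S', 2,3, 1,1,
                                         1,2,3,4,5,6,7,8,9,10,11,12 };

static size_t put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; return 2; }

/* Writes [PROTO_NAME tag][END_OF_OPT tag][payload]; returns length, 0 if it does not fit. */
size_t build_exported_pdu(uint8_t *out, size_t cap, const char *proto,
                          const uint8_t *payload, size_t plen)
{
    size_t nlen = strlen(proto), off = 0;
    /* Two 4-byte tag headers + name + payload must fit; checked without overflow. */
    if (nlen == 0 || nlen > 0xffff || plen > cap || 8 + nlen > cap - plen)
        return 0;
    off += put_be16(out + off, EXP_PDU_TAG_PROTO_NAME);
    off += put_be16(out + off, (uint16_t)nlen);   /* tag and length are big-endian */
    memcpy(out + off, proto, nlen);               /* assumed dissector name, e.g. "rtps" */
    off += nlen;
    off += put_be16(out + off, EXP_PDU_TAG_END_OF_OPT);
    off += put_be16(out + off, 0);
    memcpy(out + off, payload, plen);
    return off + plen;
}

int write_pcap(const char *path, const uint8_t *rec, uint32_t len) /* classic pcap, one record */
{
    struct { uint32_t magic; uint16_t vmaj, vmin; int32_t zone;
             uint32_t sigfigs, snaplen, network; } gh =
        { 0xa1b2c3d4u, 2, 4, 0, 0, 65535, LINKTYPE_WIRESHARK_UPPER_PDU };
    uint32_t rh[4] = { 0, 0, len, len };  /* ts_sec, ts_usec, incl_len, orig_len */
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    int ok = fwrite(&gh, sizeof gh, 1, f) == 1 && fwrite(rh, sizeof rh, 1, f) == 1
          && fwrite(rec, 1, len, f) == len;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

int main(void)
{
    uint8_t rec[128];
    size_t n = build_exported_pdu(rec, sizeof rec, "rtps", SAMPLE_RTPS, sizeof SAMPLE_RTPS);
    return n ? write_pcap("rtps_export.pcap", rec, (uint32_t)n) : 1;
}
```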