Wireshark-dev: Re: [Wireshark-dev] Packet reassembling

From: Gerhard Gappmeier <gerhard.gappmeier@xxxxxxxxxxx>
Date: Wed, 12 Jul 2006 11:27:06 -0000
Hi Jaap

I'm not a wireshark expert yet, but I will try to add a basic chapter
that you can review before committing it to svn.
I will post a patch when I finished it.


Here is some information for Gentoo users who want to
contribute some documentation to wireshark:

The documentation is stored in the source repository
in wireshark/docbook. As the name implies it's in DocBook format.

To be able to generate docbooks you need the docbook dtd and stylesheets. 
Gentoo ~# emerge docbook-xsl-stylesheets
Gentoo ~# emerge docbook-xml-dtd

Of course you need xsltproc if it is not already on your system.
As Docbook editor I can recommend Quanta+ (emerge kde-base/quanta)
See http://quanta.kdewebdev.org/viewscreenshot.php?id=8&application=quanta

Because the actual docbook dtd has version 4.4 you have to change the second 
line in developer-guide.xml from
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" 
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"; [
to
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN" 
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd"; [
.

Or install the old stylesheets additionally.

now you can run "make developer-guide" to generate a single html file
or "make wsdg_html_chunked" to generate chunked files.

You can alse emerge fop to be able to generate PDFs, but fop has a bunch of 
java dependencies you maybe not want.
See "emerge -p fop"

regards,
Gerhard.

On Wednesday 12 July 2006 11:06, Jaap Keuter wrote:
> Hi Gerhard,
>
> Could you write up what you have found out, in a form that could be added
> to the developer guide? Your contribution would be appreciated.
>
> Thanx,
> Jaap
>
> On Wed, 12 Jul 2006, Gerhard Gappmeier wrote:
> > Thanks Ronnie,
> >
> > tcp_dissect_pdus() is perfect and saved me a lot of time.
> >
> > I used the implementation of gryphon to see how it works.
> > It would be a good idea to mention that in the developer-guide.
> >
> > mit freundlichen Grüßen / best regards
> >
> > *Gerhard Gappmeier*
> > ascolab GmbH - automation system communication laboratory
> > Tel.: +49 9131 691 123
> > Fax: +49 9131 691 128
> > Web: http://www.ascolab.com
> > GPG-Key: http://www.ascolab.com/gpg/gg.asc
> >
> > ronnie sahlberg schrieb:
> > > create a conersation for each tcp session to track the packets.
> > >
> > > or use tcp_dissect_pdus() which will do that for you.
> > >
> > > On 7/11/06, Gerhard Gappmeier <gerhard.gappmeier@xxxxxxxxxxx> wrote:
> > >> Hello
> > >>
> > >> I have read the chapter about packet reassembling.
> > >> It's clear except from one point.
> > >>
> > >> If a server has multiple TCP connections to different clients,
> > >> the captured packets can be mixed up from different messages.
> > >> How is this kept in mind?
> > >> Is this tracked automagically by "fragment_add_seq_check" with the
> > >> contents of the "packet_info" structure,
> > >> or is the example in the docs not taking this into account?
> > >> Is one instance of the "msg_fragment_table" and "msg_reassembled_table
> > >> enough" for multiple connections?
> > >> Or do I need one for each connection?
> > >>
> > >> I see at least a problem with the sequence numbers.
> > >> At least my protocol has no sequence number for different chunks,
> > >> so I have to do something like "connection[i].seq_number++" for each
> > >> connection.
> > >> Are there any recommendations?
> > >>
> > >> --
> > >> mit freundlichen Grüßen / best regards
> > >>
> > >> *Gerhard Gappmeier*
> > >> ascolab GmbH - automation system communication laboratory
> > >> Tel.: +49 9131 691 123
> > >> Fax: +49 9131 691 128
> > >> Web: http://www.ascolab.com
> > >> GPG-Key: http://www.ascolab.com/gpg/gg.asc