Wireshark-dev: Re: [Wireshark-dev] How to reassemble protocol running atop udp?
From: <Lars2B@xxxxxxxxxxxxxxxx>
Date: Tue, 24 Jul 2007 10:22:20 +0200
Thanks Abhik,

I had a look at the first reference you mentioned, but it seemed to be too specific to TCP reassembly. Have to admit that I did not read the chapter in the Developer's Guide, hmm, but I will read it thoroughly now.

Regards,
Lars

SEW-EURODRIVE GmbH & Co KG
Limited partnership, registered office: Bruchsal, register court Mannheim HRA 230970
General partner: SEW-EURODRIVE Verwaltungs-GmbH, registered office: Bruchsal, register court Mannheim HRB 230207
Shareholders and managing directors: Rainer Blickle, Jürgen Blickle
Managing directors: Hans Sondermann, Bernd P. Uckrow

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Abhik Sarkar
Sent: Tuesday, 24 July 2007 10:02
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] How to reassemble protocol running atop udp?

Hi!

Something similar was discussed very recently:
http://www.wireshark.org/lists/wireshark-dev/200707/msg00192.html

Also, this link might help:
http://www.wireshark.org/docs/wsdg_html_chunked/ChDissectReassemble.html

The first example is for a UDP based protocol!

Best regards,
Abhik.

On 7/24/07, Lars2B@xxxxxxxxxxxxxxxx <Lars2B@xxxxxxxxxxxxxxxx> wrote:
> Hi all,
>
> one of our proprietary protocols that runs atop udp is being fragmented on application level.
> We are using a datagram header for each fragment that provides a fragment index and the length of the fragmented data that follows after the header. As the protocol had not been fragmented in the original design we already have a protocol dissector for that case.
>
> Now, my question is how to change the existing dissector to handle fragmented datagrams. Yes, I read the readme.developer file (section 2.7), but it still remains unclear to me:
> - the tcp_dissect_pdus() method can't be used as the protocol runs atop udp, right?
> - if the second method (modifying the pinfo struct) has to be used, does that mean that the tvbuff adds up until enough data is present to dissect the data? If yes, how are the fragments displayed in Wireshark? Could I build up a tvbuff without the header data to use it with the dissector for unfragmented data?
>
> Well, perhaps you could provide some help or point me in the right direction.
>
> Best regards,
>
> Lars
>
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
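Added example, not part of the thread and not Wireshark code: a stand-alone C sketch of the application-level reassembly the question describes, stripping each fragment header and joining the payloads in index order so the result can go to a parser for unfragmented data. It validates the length field against the bytes actually received, since that field comes from the network. Assumptions: the 4-byte header layout (index, total fragment count, big-endian 16-bit length), the total-count field itself, both size caps, and all names are hypothetical; the thread only says the header carries a fragment index and a length.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_FRAGS    16   /* assumed cap on fragments per message */
#define MAX_FRAG_LEN 512  /* assumed cap on payload bytes per fragment */
#define HDR_LEN      4    /* assumed header: index, total, length (u16 BE) */

struct reasm {            /* zero-initialise before the first fragment */
    uint8_t  data[MAX_FRAGS][MAX_FRAG_LEN];
    uint16_t len[MAX_FRAGS];
    uint8_t  seen[MAX_FRAGS], total, count;
};

/* 1 = message complete, 0 = need more fragments, -1 = malformed, ignored */
int reasm_add(struct reasm *r, const uint8_t *d, size_t n)
{
    if (n < HDR_LEN) return -1;
    uint8_t idx = d[0], total = d[1];
    size_t plen = ((size_t)d[2] << 8) | d[3];
    if (total == 0 || total > MAX_FRAGS || idx >= total) return -1;
    /* the length field must fit both the buffer and the bytes received */
    if (plen > MAX_FRAG_LEN || plen > n - HDR_LEN) return -1;
    if (r->count && total != r->total) return -1;
    if (!r->seen[idx]) {              /* a duplicate keeps the first copy */
        memcpy(r->data[idx], d + HDR_LEN, plen);
        r->len[idx] = (uint16_t)plen;
        r->seen[idx] = 1;
        r->total = total;
        r->count++;
    }
    return r->count == r->total;
}

/* Payloads in index order, headers stripped; 0 if incomplete or too big */
size_t reasm_output(const struct reasm *r, uint8_t *out, size_t cap)
{
    size_t off = 0;
    if (r->count == 0 || r->count != r->total) return 0;
    for (unsigned i = 0; i < r->total; i++) {
        if (r->len[i] > cap - off) return 0;
        memcpy(out + off, r->data[i], r->len[i]);
        off += r->len[i];
    }
    return off;
}
```

In a real dissector the per-message state would also need a message identifier and a timeout, neither of which the thread describes.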