-------------------
The Ethereal project is being continued at a new site. Please go to
http://www.wireshark.org and subscribe to wireshark-dev@wireshark.org.
Don't forget to unsubscribe from this list at
http://www.ethereal.com/mailman/listinfo/ethereal-dev
-------------------
Hi,
my name is Fabio and I'm from Genova, Italy.
I'm developing a plugin dissector for a protocol used by
a telephony over IP application on top of TCP protocol.
Packets have this format:
|<-----------------myMsg------------------->|
|---------+--------+----+------------+--------+--||---+
|tcpHeader|55555555|0000|mesageLenght|messgeId|details|
|---------+--------+----+------------+--------+--||---+
I wrote with good results a dissector that dissect any signle
packet containing one ore more different type of message (messageID)
but when packets are fragmented I don't know what to do.
Example of fragmented Packets:
firstpacket:
|----------+--------+----+------------+--------+-----------+
|tcp header|55555555|0000|mesageLenght|messgeId|veryLong...|
|----------+--------+----+------------+--------+-----------+
^(offsetLastMsg) ^Fragment!
secondpacket:
|----------+----------+
|tcp header|...details|
|----------+----------+
firstpacket:
|----------+--------+--------+-||-+----------+--------+----+
|tcp header|myMsg(1)|myMsg(2)|... |myMsg(N-K)|55555555|0...|
|----------+--------+--------+-||-+----------+--------+----+
^offsetLastMsg^Fragment!
secondpacket:
|----------+------------------------+-||-+--------+
|tcp header|...myMsg(N-K+1)(partial)|... |myMsg(N)|
|----------+------------------------+-||-+--------+
The first tcp header is already dissected and the tvb passed
to my dissector start from the first 55555555.
With the use of tvb->length and the info present in each
if myMsg (mesageLenght) I'm able to determine if a packet
is fragmented.
In the two fragmented case, in the function
dissect_protocol(tvp,pinfo,tree) I would
like to save the current tvb fragmented portion:
if(fragmented reveal condition...)
{
fragmented_flag=1;
previous_tvb = tvb_new_subset(tvb , offsetLastMsg, -1, -1);
}
and when the second part arrive I would like to make a
complete_tvb that contain the new data, something like:
if(fragment_flag)
{
complete_tvb = tvb_merge(previous_tvb, tvb);
}
and dissect complete_tvb instead of this one.
I read the developer manual, README.developer, other dissectors
code and search in the old message and on google but I
can't figure how to do that.
I read the "How to reassemble split packets" in the developer
manual and try to code something similar...but I was not able
to make it work.
I never do a similar work before, please, can someone help me?
Thanks in advance,
Fabio
--
Email.it, the professional e-mail, gratis per te: http://www.email.it/f
Sponsor:
Scegli il tuo canale musicale con un click!
* Entra in www.radiosnj.com
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=5179&d=6-9
_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@ethereal.com
http://www.ethereal.com/mailman/listinfo/ethereal-dev
The Ethereal project is being continued at a new site. Please go to
http://www.wireshark.org and subscribe to wireshark-dev@wireshark.org.
Don't forget to unsubscribe from this list at
http://www.ethereal.com/mailman/listinfo/ethereal-dev
-------------------
Hi,
my name is Fabio and I'm from Genova, Italy.
I'm developing a plugin dissector for a protocol used by
a telephony over IP application on top of TCP protocol.
Packets have this format:
|<-----------------myMsg------------------->|
|---------+--------+----+------------+--------+--||---+
|tcpHeader|55555555|0000|mesageLenght|messgeId|details|
|---------+--------+----+------------+--------+--||---+
I wrote with good results a dissector that dissect any signle
packet containing one ore more different type of message (messageID)
but when packets are fragmented I don't know what to do.
Example of fragmented Packets:
firstpacket:
|----------+--------+----+------------+--------+-----------+
|tcp header|55555555|0000|mesageLenght|messgeId|veryLong...|
|----------+--------+----+------------+--------+-----------+
^(offsetLastMsg) ^Fragment!
secondpacket:
|----------+----------+
|tcp header|...details|
|----------+----------+
firstpacket:
|----------+--------+--------+-||-+----------+--------+----+
|tcp header|myMsg(1)|myMsg(2)|... |myMsg(N-K)|55555555|0...|
|----------+--------+--------+-||-+----------+--------+----+
^offsetLastMsg^Fragment!
secondpacket:
|----------+------------------------+-||-+--------+
|tcp header|...myMsg(N-K+1)(partial)|... |myMsg(N)|
|----------+------------------------+-||-+--------+
The first tcp header is already dissected and the tvb passed
to my dissector start from the first 55555555.
With the use of tvb->length and the info present in each
if myMsg (mesageLenght) I'm able to determine if a packet
is fragmented.
In the two fragmented case, in the function
dissect_protocol(tvp,pinfo,tree) I would
like to save the current tvb fragmented portion:
if(fragmented reveal condition...)
{
fragmented_flag=1;
previous_tvb = tvb_new_subset(tvb , offsetLastMsg, -1, -1);
}
and when the second part arrive I would like to make a
complete_tvb that contain the new data, something like:
if(fragment_flag)
{
complete_tvb = tvb_merge(previous_tvb, tvb);
}
and dissect complete_tvb instead of this one.
I read the developer manual, README.developer, other dissectors
code and search in the old message and on google but I
can't figure how to do that.
I read the "How to reassemble split packets" in the developer
manual and try to code something similar...but I was not able
to make it work.
I never do a similar work before, please, can someone help me?
Thanks in advance,
Fabio
--
Email.it, the professional e-mail, gratis per te: http://www.email.it/f
Sponsor:
Scegli il tuo canale musicale con un click!
* Entra in www.radiosnj.com
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=5179&d=6-9
_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@ethereal.com
http://www.ethereal.com/mailman/listinfo/ethereal-dev