Wireshark-bugs: [Wireshark-bugs] [Bug 3225] add ability to parse netdump protocol in wireshark

Date: Tue, 10 Feb 2009 10:20:37 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3225

--- Comment #6 from Bill Meier <wmeier@xxxxxxxxxxx>  2009-02-10 10:20:35 PDT ---
> Although just so that you're aware, this was written
> using the guide provided in your online developer docs, so there might be a
> need for reconciliation between that and your readme.

You are correct: the Developer Guide document needs to be updated to match
current practice and README.developer. (Ultimately the info in README.developer
should presumably be moved into the Developer Guide).
At the very least, there should probably be a few more pointers to
README.developer in various places in the Developer Guide.
> ...
> Not true.  All you have to do is indicate to netdump 
> (via Analyze-decode As...)
> that you want frames on src/dst port 6666 to be decoded as netdump frames,
> rather than sigcomp frames.  It works quite well.
> ...
> I'd just like the option to choose to decode them as
> netdump frames instead.  

Using "Decode As" does, of course, work. Nevertheless, the fact is that the
netdump registration specifically on UDP port 6666 in reg_handoff will be
clobbered by the sigcomp registration (although the registration of netdump on
"udp.port" for Decode As will remain OK).

How about the following ?

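  ...
  static guint gPORT_PREF = 0;   /* UDP port preference; 0 = no port registered */
  ...

  void proto_reg_handoff_netdump(void)
  {
      ...
      if (!initialized) {
          /* First call: create the handle and make it selectable via Decode As */
          netdump_handle = create_dissector_handle(dissect_netdump,
                                                   proto_netdump);
          dissector_add_handle("udp.port", netdump_handle); /* For Decode As */
          initialized = TRUE;
      } else {
          /* Preference changed: drop the previous port registration */
          if (CurrentPort != 0)
              dissector_delete("udp.port", CurrentPort, netdump_handle);
      }

      /* Register on the configured port only if one is set */
      CurrentPort = gPORT_PREF;
      if (CurrentPort != 0)
          dissector_add("udp.port", CurrentPort, netdump_handle);
  }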

The above will allow the choice of netdump for decoding frames on UDP port 6666
via Decode As or via a port pref w/o trying to register to UDP port 6666 as a
default at startup.

-----------

It would also be appreciated if you could:

1. Remove the paragraph beginning with 
   " * Copied from WHATEVER_FILE_YOU_USED (where "WHATEVER_FILE_YOU_USED"

2. Use tvb_reported_length rather than tvb_length.
   Essentially: this allows proper handling of capture files in which
   only an initial portion of each packet seen 'on the wire' is saved to the
   capture file.
   (See http://www.wireshark.org/lists/wireshark-dev/200806/msg00347.html)

3. Create a wiki page for the netdump protocol and add a small (partial ?)
   netdump sample capture.
   (See http://wiki.wireshark.org/HowToEdit)


   Thanks !
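
Item 2's distinction between tvb_reported_length and tvb_length, as an added example that is not part of the original comment or of Wireshark's code. The toy_tvb struct, the two check functions and the 2-byte length-prefixed record layout are assumptions made for illustration; they are not the netdump format or Wireshark's tvbuff API.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Stand-in for a tvbuff; NOT Wireshark's tvbuff_t (assumption of this example). */
struct toy_tvb {
    const uint8_t *data;
    size_t captured_len;  /* bytes saved in the capture file (tvb_length) */
    size_t reported_len;  /* bytes seen on the wire (tvb_reported_length) */
};
enum verdict { PKT_OK, PKT_SHORT_CAPTURE, PKT_MALFORMED };
#define HDR_LEN 2  /* hypothetical layout: 16-bit big-endian payload length, then payload */

/* Validates the length field against the captured length: a snaplen-limited
 * capture of a well-formed packet is wrongly reported as malformed. */
enum verdict check_captured(const struct toy_tvb *t)
{
    if (t->captured_len < HDR_LEN)
        return PKT_MALFORMED;
    size_t declared = ((size_t)t->data[0] << 8) | t->data[1];
    return (HDR_LEN + declared > t->captured_len) ? PKT_MALFORMED : PKT_OK;
}

/* Validates against the on-the-wire length; the captured length only bounds
 * how many payload bytes may actually be read (*avail). */
enum verdict check_reported(const struct toy_tvb *t, size_t *avail)
{
    *avail = 0;
    if (t->reported_len < HDR_LEN)
        return PKT_MALFORMED;         /* too short even on the wire */
    if (t->captured_len < HDR_LEN)
        return PKT_SHORT_CAPTURE;     /* header itself was cut by the snaplen */
    size_t declared = ((size_t)t->data[0] << 8) | t->data[1];
    if (HDR_LEN + declared > t->reported_len)
        return PKT_MALFORMED;         /* length field disagrees with the packet */
    size_t have = t->captured_len - HDR_LEN;
    *avail = have < declared ? have : declared;
    return *avail < declared ? PKT_SHORT_CAPTURE : PKT_OK;
}

/* Constructed sample: header declares 8 payload bytes (10 bytes on the wire). */
static const uint8_t sample_pkt[10] = { 0x00, 0x08, 'n','e','t','d','u','m','p','!' };
int main(void)
{
    struct toy_tvb snap = { sample_pkt, 6, 10 };  /* snaplen kept 6 of 10 bytes */
    size_t avail;
    enum verdict v = check_reported(&snap, &avail);
    printf("captured-length check: %d\n", check_captured(&snap));
    printf("reported-length check: %d, readable payload bytes: %zu\n", v, avail);
    return 0;
}
```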