Wireshark-bugs: [Wireshark-bugs] [Bug 5956] kNet (KristalliNet) dissector for Wireshark

Date: Tue, 16 Aug 2011 05:33:04 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5956

--- Comment #12 from Kari Vatjus-Anttila <kari.vatjus-anttila@xxxxxx> 2011-08-16 05:33:04 PDT ---
(In reply to comment #10)
> Hi,
> 
> Is it not possible to make a unique dissector for UDP/TCP/SCTP? The payload is
> the same for the 3 Transport Layers?
> 

Hi, and thanks for your review! In fact, UDP and TCP have quite different
structures.

Please have a look here:

http://dl.dropbox.com/u/22820793/Bachelors%20-%20Developing%20the%20kNet%20packet%20dissector%20for%20Wireshark%20protocol%20analyzer.pdf

Page 12 describes the structure of UDP and TCP datagrams.

SCTP, on the other hand, is pretty similar to TCP at the moment. The main
difference is that the TCP dissector can handle fragmented packets, which SCTP
doesn't have. SCTP is a fairly new thing to Kristalli Net, because we implemented
it just recently. The author of kNet will most likely change the SCTP protocol
structure somehow at some point. So what do you think, is it wise to merge
these three dissectors into a single file or should we keep them as is?

> Also from packet-knet-tcp.c (and packet-knet-stcp.c)
> 
>         proto_tree_add_bytes_format(tree, hf_knet_msg_messageid, buffer,
> *offset, 1, NULL, "Message ID: PingRequest (%d)",messageid );
> 
> Why not use FT_UINT8 with value_string table?
> 

OK, the dissect_messageid() function has been changed to use a value_string
table. Is it OK now?

>         g_string_append_printf(info_field, "PingRequest ");
> Why not use directly col_append_str?
> 

This has been changed to the new version.

>         proto_tree_add_bytes_format(payload_tree, hf_knet_msg_payload, buffer,
> offset, 1, NULL, "PingID: %d", value);
> 
> Why not use a hf (hf_knet_msg_payload_pingid...) by type of payload?

This was a little bit unclear. Can you clarify it a little bit more? I hope
that the dissector will soon be in good shape so it can be added to Wireshark
:). I'll upload the new version of the dissector soon. Keep up the good work!

-Cheers Kari
