Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] How to reassemble protocol running atop udp?

From: "Abhik Sarkar" <sarkar.abhik@xxxxxxxxx>
Date: Tue, 24 Jul 2007 12:01:36 +0400
Hi!

Something similar was discussed very recently:
http://www.wireshark.org/lists/wireshark-dev/200707/msg00192.html

Also, this link might help:
http://www.wireshark.org/docs/wsdg_html_chunked/ChDissectReassemble.html
The first example is for a UDP based protocol!

Best regards,
Abhik.

On 7/24/07, Lars2B@xxxxxxxxxxxxxxxx <Lars2B@xxxxxxxxxxxxxxxx> wrote:
Hi all,

one of our proprietary protocols that runs atop udp is being fragmented on application level.
We are using a datagram header for each fragment that provides a fragment index and the length of the fragmented data that follows after the header. As the protocol had not been fragmented in the original design  we already have a protocol dissector for that case.

Now, my question is how to change the existing dissector to handle fragmented datagrams. Yes, I read the readme.developer file (section 2.7), but it still remains unclear to me:
- the tcp_dissect_pdus() method can't be used as the protocol runs atop udp, right?
- if the second method (modifying the pinfo struct) has to be used, does that mean that the tvbuff adds up until enough data is present to dissect the data?  If yes, how are the fragments displayed in Wireshark? Could I build up a tvbuff without the header data to use it with the dissector for unfragmented data?

Well, perhaps you could provide some help or point me in the right direction.

Best regards,

Lars




SEW-EURODRIVE GmbH & Co KG
Kommanditgesellschaft, Sitz: Bruchsal, RG Mannheim HRA 230970
Komplementärin: SEW-EURODRIVE Verwaltungs-GmbH, Sitz: Bruchsal, RG Mannheim HRB 230207

Gesellschafter und Geschäftsführer: Rainer Blickle, Jürgen Blickle
Geschäftsführer: Hans Sondermann, Bernd P. Uckrow






_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev