
Wireshark-dev: Re: [Wireshark-dev] Multiple messages in one UDP packet

From: Roland Knall <rknall@xxxxxxxxx>
Date: Fri, 18 Mar 2011 14:14:24 +0100
Hello

In my dissector, which will hopefully be added to the main repository,
I repeatedly call the dissect function to achieve exactly that
functionality.

Basically you have a two-step situation. You write a main
dissect_PROTO routine, which will be called by the UDP dissector to
dissect the data.

In it, you extract the first frame from your tvb block, and create a
new one, by the use of

    next_tvb = tvb_new_subset(message_tvb, frameOffset, frameLength, reported_len);

frameOffset would be the start of the frame in the UDP payload,
frameLength would be the length of the frame, and reported_len you can
get by calling

    reported_len = tvb_reported_length_remaining(message_tvb, 0);

With that information you call a second dissect_PROTO_subset function:

    dissect_PROTO_subset(next_tvb, pinfo, tree);

which operates like any other dissect function.

Repeat the step for every frame in the UDP payload.

regards, Roland


On Fri, Mar 18, 2011 at 2:08 PM, Chipi <norbert.kocsis@xxxxxxxxx> wrote:
> Hi,
>
> I have to write a dissector for an internal protocol over UDP. In some cases
> the UDP packets can contain multiple messages (only full messages, so there
> won't be any message split up into two UDP packets), and I would like to know
> if there is a way to display multiple messages from a UDP packet, like
> MySQL dissector does over TCP? (it uses tcp_dissect_pdus, but as I saw,
> there are no similar functions for UDP)
> I looked around but I couldn't figure out how to call my dissector multiple
> times for the same packet.
>
> So it should look like this:
> -- FRAME
> -- ETHERNET II FRAME
> -- IP FRAME
> -- UDP FRAME
> -- MY PROTOCOL FRAME
> -- MY PROTOCOL FRAME
> -- MY PROTOCOL FRAME
> -- MY PROTOCOL FRAME
>
>
> Thanks in advance!
>
> Chipi
>
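
The per-frame loop described in the reply, modeled in plain C so it runs without libwireshark (an added example, not part of the original thread and not Wireshark code). The wire format (a 2-byte big-endian total length in front of each message) and the names `split_frames` and `frame_view` are assumptions; the checks show what the loop must validate so a malformed length can neither read past the payload nor stall the loop.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed (hypothetical) wire format: each message is a 2-byte big-endian
 * total length (header included) followed by the body. */
#define HDR_LEN 2u

/* Stand-in for a tvb subset: a bounded view into the UDP payload. */
struct frame_view { size_t offset; size_t length; };

/* Walk the payload and record one view per message, the way a main
 * dissect routine would create one subset per frame. Returns the number
 * of frames found, or -1 if the payload is malformed. */
int split_frames(const uint8_t *payload, size_t payload_len,
                 struct frame_view *out, size_t max_frames)
{
    size_t offset = 0, count = 0;

    while (offset < payload_len) {
        size_t remaining = payload_len - offset;
        if (remaining < HDR_LEN)
            return -1;                 /* truncated header */
        size_t frame_len = ((size_t)payload[offset] << 8) | payload[offset + 1];
        if (frame_len < HDR_LEN)
            return -1;                 /* would not advance: endless loop */
        if (frame_len > remaining)
            return -1;                 /* claims more bytes than captured */
        if (count == max_frames)
            return -1;                 /* caller's table is full */

        out[count].offset = offset;
        out[count].length = frame_len;
        count++;
        offset += frame_len;           /* always moves forward by >= HDR_LEN */
    }
    return (int)count;
}

int main(void)
{
    /* Constructed sample payload: two messages of 5 and 3 bytes. */
    const uint8_t payload[] = { 0x00, 0x05, 'a', 'b', 'c', 0x00, 0x03, 'z' };
    struct frame_view frames[4];
    int n = split_frames(payload, sizeof payload, frames, 4);
    for (int i = 0; i < n; i++)
        printf("frame %d: offset=%zu length=%zu\n", i, frames[i].offset, frames[i].length);
    return n == 2 ? 0 : 1;
}
```

In a real dissector each recorded view corresponds to one subset tvb handed to the per-message dissect function.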