Hello,
I am currently writing a dissector plugin for my company’s custom protocol. I have recently ran into troubles with tcp separating the packet information. I came across this http://www.wireshark.org/lists/wireshark-dev/200607/msg00112.html and was wondering if someone could clear a few things up for me since I am confused as to how to implement it within my dissector. I took a look at packet-tcp as well as gryphon for an example but I am still a bit confused. Here’s some background on the protocol:
There are 3 headers
BNP: uses one byte to tell if message is heartbeat, data, multi message start, multi message middle, multimessage end. And 2 bytes for the count of the data.
Message: 1 or 2 bytes after the BNP header. There is only 1 message per BNP.
SubMessages: 1 or 2 bytes for ID, 1 byte for cluster, 1 or 2 bytes for data count. There are many submessages under a Message.
In a packet, there can be many BNP messages (1 BNP message carries 1 Message which has many subMessages). In wireshark I want it to look like this
Protocol Name
BNP Type
Message Name
Sub message
Sub message
(hope that came out ok)
What I have done for my dissector is to create a method that takes a whole BNP and sends it to a function that decides which type it is ( a switch statement ) and then sends it to another function to dissect it and output it. So first off, I’m confused as to where to put tcp_dissect_pdus(), if that’s even what I should use. I’m also confused at the Boolean and what true and false mean for it / where to change them. I’m also running into problem with my multi messages. How they work is that when it’s a multimessage start, it has a BNP header, a Message header, and then goes into complete Submessage information. If it is a multimessage middle, it has a BNP header, then goes into complete multimessage information. If it is a multimessage end, it has a BNP header, message header, and complete Submessage information. What I want to do, if to take the whole message start buffer and save it somehow, then append on just the submessage part of the middle and end, then send it to be dissected. I’m not sure how I am able to save the buffer or to append it like this. The reassembling of data is a little confusing to me. If you could provide any help it would be great. I also read something about "conversations" and was wondering if someone could explain / point me to where a document has this explained?
Thank you for your time,
Greg
