
Wireshark-dev: [Wireshark-dev] Unparsed remaining data, dynamically loading protocol descriptio

Date: Thu, 25 Feb 2021 00:16:26 +0100
Hi all,

thanks for maintaining this amazing project. I've been using Wireshark
for many years and it remains my go-to program for debugging network
issues or security problems. :)

I'm currently working on polishing the dissector[1] for the
Teeworlds[2]/DDNet[3] protocol. Writing the dissector was only possible
due to the nice documentation; README.dissector, README.heuristic, and
README.plugins were all very nice to read. You can see a somewhat recent
example of the dissector in this screenshot[4].

I have two questions: First, Teeworlds packets are usually segmented
into smaller chunks, and these chunks can have unparsed data at the end.
In the top-level protocol, one could simply return less than
tvb_reported_length(tvb) so the remaining bytes show up as "Data", but
because the packet is divided into chunks, the unparsed bytes are actually
in the middle of the packet. How would one go about marking these bytes?

The other thing is that I dynamically generate some parts of the
dissector by reading a JSON file[5]. This is due to the fact that
Teeworlds has sets of incompatible network messages, so I thought it'd
make sense for the user to be able to change this JSON spec file at runtime.

I saw other dissectors re-executing the handoff function when the
options change; however, the field registration happens in the register
function. What is the difference between these two functions? Could I
just move everything over to the handoff function and re-execute that if
the spec file changes? Is it even safe to register new protocol fields
at runtime? (I assume you can't delete old ones.) Or would you suggest
another approach?

Finally, I hope this is the correct place to ask these questions. Is
there some chat room where smaller questions could be asked?

Kind regards,
heinrich5991

[1]: https://github.com/heinrich5991/libtw2/blob/ce1308a8893be257c7f43075536f278e723ac09b/wireshark-dissector/src/lib.rs
[2]: https://www.teeworlds.com/
[3]: https://ddnet.tw/
[4]: https://heinrich5991.de/teeworlds/libtw2/random/2021-02-14-dissector.png
[5]: https://github.com/heinrich5991/libtw2/blob/ce1308a8893be257c7f43075536f278e723ac09b/gamenet/generate/spec/ddnet-15.2.5.json