Wireshark · Wireshark-users: Re: [Wireshark-users] LUA dissector - combine data from 2 UDP packets, display issue

[Michael Poroger <bezenchu@xxxxxxxxx>]

Hello all,

I've copied the part of the code which is relevant for the packet combining (attached).

-----------------------------
Michael Poroger

"Science is not only knowledge, science is also to be dare"
Shimon Peres

On Tue, Aug 4, 2020 at 3:39 AM Maynard, Chris via Wireshark-users <wireshark-users@xxxxxxxxxxxxx> wrote:

By the way, in case anyone is interested, attached is the capture file I used to test the “Frag Proto” from https://osqa-ask.wireshark.org/questions/55621/lua-udp-reassembly.

 

- Chris

 

From: Maynard, Chris
Sent: Monday, August 3, 2020 5:42 PM
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Subject: RE: [Wireshark-users] LUA dissector - combine data from 2 UDP packets, display issue

 

I download the fragproto.lua implementation from the OSQA question and tested it against the data provided; it seemed to work fine.  Without knowing more details about your own dissector, it’s rather difficult to provide more help.  Can you share the basics along with some simple test data?

 

- Chris

 

From: Wireshark-users <wireshark-users-bounces@xxxxxxxxxxxxx> On Behalf Of Michael Poroger
Sent: Friday, July 31, 2020 12:02 PM
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] LUA dissector - combine data from 2 UDP packets, display issue

 

Something I build by myself. The idea is similar to this implementation (in the answer) - just storing the data between packet X-1 to packet X.

 

Not sure about the actual implementation (as already on weekend), but I think that this is not persistent storage, as if the data in the packet is complete, the storage is set to an empty one. In any case, if packet X-1 does not contain complete data,  this data is available for packet X.

 

-----------------------------
Michael Poroger

"Science is not only knowledge, science is also to be dare"
Shimon Peres

 

 

On Fri, Jul 31, 2020 at 5:27 PM Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> wrote:

 

 

On Fri, Jul 31, 2020 at 8:58 AM Michael Poroger <bezenchu@xxxxxxxxx> wrote:

Hello users :)

I've successfully created a dissector which combines data from 2 UDP packets. Every time I select this kind of packet, I'm getting an error on the packet details on the custom protocol section.

Only when I select the previous packet and then the current packet, I can see the dissection as I expect and without any error.

How to solve the issue?

Probably a question better for the -dev list but...

 

Are you using epan's reassembly routines or something you built yourself?  If it's something you built yourself, are you storing the reassembled data in persistent storage which is available when (re)dissecting the 2nd frame (where the reassembled data is used)?

 

 

 

 

 

 

 

 

 

 

CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

Attachment: ex.lua
Description: Binary data