On 7/25/07, Matt Poduska <[EMAIL PROTECTED]> wrote: > I began development of the dissector before the format attribute was added > to the XML, so no. There are quite a few enhancements that can be made to > the current dissector, formatting variable data fields is definitely one. >
So how do you decide how to format stuff? > One other item of note: since LLRP is layered on TCP, it's possible for an > LLRP message to be split across multiple packets. In this case, the LLRP > dissector will fail decode. > There are a couple of reasons this can happen: one possibility is a logic flaw in your dissector... I don't remember exactly but you need to ask WS for the minimal header # bytes first, and once you have the length you need to request the rest. You cannot just assume the length is right. WS has a whole TCP desegmentation engine (that mostly works, with the caveat from prior email) just for this purpose. I think the function you need to build your dissector around is tcp_dissect_pdus. This smoothes out the data stream by giving you PDUs instead of tcp segments. One other thing that can screw up dissectors is the TCP checksum. This is usually not valid at the point packets hit the pcap shim. You need to disable checking of the TCP checksum in the WS UI. Both of these should be covered sufficiently in the WS manuals and FAQ, and I'm sure folks on WS list can help you since this is a common problem for folks writing dissectors. Hope this helps, -- John. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ llrp-toolkit-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/llrp-toolkit-devel
