TCP message segmentation is now fixed. That was entirely too easy. Thanks for everyone's help.

John, to address your earlier question about the dissector's current formatting of variable-length data... the dissector isn't currently displaying the contents of variable-length data fields in the dissection tree. However, when the packet data view is enabled, selecting a variable-length field will highlight the data in the packet. I'm certainly not arguing that the dissector shouldn't nicely format variable-length fields, I just haven't gotten to it yet. Note that this discussion pertains only to variable-length fields - fixed length fields (i.e. u64) are formatted and displayed in the dissection tree view.

Gordon, yes - the dissector currently supports the display of enumerations (their text representation, that is) in the dissection tree.

>From: "Chris Delaney" <[EMAIL PROTECTED]>
>Reply-To: LLRP Toolkit Development List <[email protected]>
>To: "LLRP Toolkit Development List" <[email protected]>
>Subject: Re: [ltk-d] WireShark Dissector Update [heur]
>Date: Wed, 25 Jul 2007 10:54:09 -0700
>
>Matt,
>
>It really sounds like the Wireshark dissector is coming together!
>Congrats on the progress.
>
>I am a little concerned about the TCP segmentation problem. It is very
>easy for a RO_ACCESS_REPORT or even a GET_ACCESSSPECS_RESPONSE to exceed
>Ethernet MTU and thus be segmented at a TCP layer, so we will need to be
>able to decode these frames. I have limited experience with Wireshark
>dissectors, but I did find a section in the Wireshark developer's guide
>that discusses this problem.
>
>http://www.wireshark.org/docs/wsdg_html_chunked/ChDissectReassemble.html#TcpDissectPdus
>
>Will this help address the issue with large LLRP frames?
>
>Thanks,
>
>Chris
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of Matt Poduska
>Sent: Wednesday, July 25, 2007 9:24 AM
>To: [email protected]
>Subject: Re: [ltk-d] WireShark Dissector Update [heur]
>
>I began development of the dissector before the format attribute was
>added to the XML, so no. There are quite a few enhancements that can be
>made to the current dissector, formatting variable data fields is
>definitely one.
>
>One other item of note: since LLRP is layered on TCP, it's possible for
>an LLRP message to be split across multiple packets. In this case, the
>LLRP dissector will fail decode.
>
> - Matt
>
> >From: "John R. Hogerhuis" <[EMAIL PROTECTED]>
> >Reply-To: LLRP Toolkit Development List <[email protected]>
> >To: "LLRP Toolkit Development List" <[email protected]>
> >Subject: Re: [ltk-d] WireShark Dissector Update
> >Date: Tue, 24 Jul 2007 15:43:47 -0700
> >
> >On 7/24/07, Matt Poduska <[EMAIL PROTECTED]> wrote:
> > > we've only just begun work to support runtime definition of vendor
> > > extensions.
> >
> >Great news... BTW, there is a bug in Wireshark that shows up with the
> >kind of heavy traffic in small packets you see in RFID. You will
> >eventually run into it:
> >
> >http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1124
> >
> >Vendor extensions are tricky business. There are still decisions to be
> >made here for LTK itself. Some issues that come up include versioning,
> >possibly in or out-of-band negotiation of version, strong vs. weak
> >typing, LLRP-XML format, filesystem organization of schemas, etc. Some
> >of these are less important for Wireshark.
> >
> >Are you using the format attributes in llrpdef.xml?
> >
> >-- John.
> >
> >-------------------------------------------------------------------------
> >This SF.net email is sponsored by: Splunk Inc.
> >Still grepping through log files to find problems? Stop.
> >Now Search log events and configuration files using AJAX and a browser.
> >Download your FREE copy of Splunk now >> http://get.splunk.com/
> >_______________________________________________
> >llrp-toolkit-devel mailing list
> >[email protected]
> >https://lists.sourceforge.net/lists/listinfo/llrp-toolkit-devel
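
Added example (not part of the original thread and not the LLRP Toolkit dissector's code): a stand-alone C sketch of the length-prefixed reassembly that the `tcp_dissect_pdus` approach linked above relies on, buffering TCP payloads until a whole LLRP message is present and rejecting impossible length fields. It assumes the LLRP binary header layout (16 bits of reserved/version/type, then a 32-bit big-endian length that counts the whole message, then a 32-bit message ID); the names `llrp_stream`, `llrp_feed`, `llrp_demo_split`, the 4096-byte cap and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LLRP_HDR_LEN 10u   /* 16 bits rsvd/version/type, 32-bit length, 32-bit ID */
#define LLRP_MAX_MSG 4096u /* cap assumed for this example, not taken from LLRP */

typedef struct { uint8_t buf[LLRP_MAX_MSG]; size_t used; } llrp_stream;

/* Total message length from the header: 0 = need more bytes, -1 = bad length. */
static long llrp_pdu_len(const uint8_t *p, size_t avail) {
    if (avail < 6) return 0;
    uint32_t len = (uint32_t)p[2] << 24 | (uint32_t)p[3] << 16 |
                   (uint32_t)p[4] << 8 | p[5];
    return (len < LLRP_HDR_LEN || len > LLRP_MAX_MSG) ? -1 : (long)len;
}

/* Append one TCP payload and consume every complete message. Returns how many
 * completed, or -1 on a framing error (the caller should drop the stream). */
int llrp_feed(llrp_stream *s, const uint8_t *seg, size_t n, unsigned *last_type) {
    size_t off = 0;
    int count = 0;
    if (n > sizeof s->buf - s->used) return -1;    /* never overrun the buffer */
    memcpy(s->buf + s->used, seg, n);
    s->used += n;
    for (;;) {
        long len = llrp_pdu_len(s->buf + off, s->used - off);
        if (len < 0) return -1;
        if (len == 0 || (size_t)len > s->used - off) break; /* partial: wait */
        *last_type = ((s->buf[off] & 0x03u) << 8) | s->buf[off + 1];
        off += (size_t)len;
        count++;
    }
    memmove(s->buf, s->buf + off, s->used - off);  /* keep the partial tail */
    s->used -= off;
    return count;
}

/* Constructed sample: version 1, type 61 (RO_ACCESS_REPORT), length 14, ID 1. */
const uint8_t llrp_sample[14] = {0x04, 0x3D, 0, 0, 0, 14, 0, 0, 0, 1,
                                 0xAA, 0xBB, 0xCC, 0xDD};

/* Feed msg as two segments cut at `cut`; returns first*10 + second, -1 on error. */
int llrp_demo_split(const uint8_t *msg, size_t len, size_t cut) {
    llrp_stream s = {{0}, 0};
    unsigned type = 0;
    int a = llrp_feed(&s, msg, cut, &type);
    int b = llrp_feed(&s, msg + cut, len - cut, &type);
    return (a < 0 || b < 0) ? -1 : a * 10 + b;
}
```

A cut at byte 4 or 7 yields no message from the first segment and one from the second; a length field below the 10-byte header is reported as a framing error instead of being trusted.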
