[Wireshark-dev] How to reassemble protocol running atop udp?
Hi all,

one of our proprietary protocols that runs atop udp is being fragmented on application level. We are using a datagram header for each fragment that provides a fragment index and the length of the fragmented data that follows after the header. As the protocol had not been fragmented in the original design we already have a protocol dissector for that case.

Now, my question is how to change the existing dissector to handle fragmented datagrams. Yes, I read the readme.developer file (section 2.7), but it still remains unclear to me:

- the tcp_dissect_pdus() method can't be used as the protocol runs atop udp, right?
- if the second method (modifying the pinfo struct) has to be used, does that mean that the tvbuff adds up until enough data is present to dissect the data? If yes, how are the fragments displayed in Wireshark?

Could I build up a tvbuff without the header data to use it with the dissector for unfragmented data?

Well, perhaps you could provide some help or point me in the right direction.

Best regards,
Lars

SEW-EURODRIVE GmbH Co KG
Limited partnership (Kommanditgesellschaft), registered office: Bruchsal, Mannheim register court HRA 230970
General partner: SEW-EURODRIVE Verwaltungs-GmbH, registered office: Bruchsal, Mannheim register court HRB 230207
Shareholders and managing directors: Rainer Blickle, Jürgen Blickle
Managing directors: Hans Sondermann, Bernd P. Uckrow
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
Re: [Wireshark-dev] How to reassemble protocol running atop udp?
Thanks Abhik,

I had a look at the first reference you mentioned, but it seemed to be too specific to TCP reassembly. Have to admit that I did not read the chapter in the Developer's Guide, hmm, but I will read it thoroughly, now.

Regards,
Lars

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Abhik Sarkar
Sent: Tuesday, 24 July 2007 10:02
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] How to reassemble protocol running atop udp?

Hi!

Something similar was discussed very recently:
http://www.wireshark.org/lists/wireshark-dev/200707/msg00192.html

Also, this link might help:
http://www.wireshark.org/docs/wsdg_html_chunked/ChDissectReassemble.html
The first example is for a UDP based protocol!

Best regards,
Abhik.
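The application-level reassembly asked about in this thread, as an added example in stand-alone C (not code from the posters and not Wireshark's reassembly API): fragments are validated, stored by index, and joined without their headers so the result can be handed to a dissector for the unfragmented format. The 4-byte header layout, the last-fragment flag, the size limits and all names are assumptions; the thread only says the header carries a fragment index and a payload length.

```c
#include <stdint.h>
#include <string.h>
/* Assumed header (hypothetical, 4 bytes): [0] fragment index, [1] bit 0 set on
 * the last fragment, [2..3] big-endian length of the payload that follows. */
enum { HDR_LEN = 4, MAX_FRAGS = 16, MAX_PAYLOAD = 64 };
typedef struct {
    uint8_t  data[MAX_FRAGS][MAX_PAYLOAD], seen[MAX_FRAGS];
    uint16_t len[MAX_FRAGS];
    int      last;              /* index of the last fragment, -1 = unknown */
} reasm_t;

/* Store one datagram's payload; returns 0 if accepted, -1 if malformed. */
int reasm_add(reasm_t *r, const uint8_t *d, size_t n) {
    if (n < HDR_LEN) return -1;                        /* truncated header */
    int idx = d[0], is_last = d[1] & 1;
    size_t plen = ((size_t)d[2] << 8) | d[3];
    if (idx >= MAX_FRAGS || plen > MAX_PAYLOAD) return -1;
    if (plen != n - HDR_LEN) return -1;                /* declared != received */
    if (r->seen[idx]) return -1;                       /* duplicate: keep first */
    if (r->last >= 0 && (is_last || idx > r->last)) return -1;
    memcpy(r->data[idx], d + HDR_LEN, plen);
    r->len[idx] = (uint16_t)plen; r->seen[idx] = 1;
    if (is_last) r->last = idx;
    return 0;
}

/* Join payloads by index; returns length, -1 if incomplete, -2 if out too small. */
long reasm_finish(const reasm_t *r, uint8_t *out, size_t cap) {
    size_t total = 0;
    if (r->last < 0) return -1;
    for (int i = 0; i <= r->last; i++) {
        if (!r->seen[i]) return -1;
        if (r->len[i] > cap - total) return -2;
        memcpy(out + total, r->data[i], r->len[i]);
        total += r->len[i];
    }
    return (long)total;
}

/* Constructed sample: "hello world" in three fragments, arriving 2, 0, 1. */
long demo(uint8_t *out, size_t cap) {
    static const uint8_t f0[] = {0, 0, 0, 4, 'h', 'e', 'l', 'l'};
    static const uint8_t f1[] = {1, 0, 0, 4, 'o', ' ', 'w', 'o'};
    static const uint8_t f2[] = {2, 1, 0, 3, 'r', 'l', 'd'};
    reasm_t r = { .last = -1 };
    reasm_add(&r, f2, sizeof f2); reasm_add(&r, f0, sizeof f0);
    reasm_add(&r, f1, sizeof f1);
    return reasm_finish(&r, out, cap);
}
```

Rejecting a fragment whose declared length differs from the bytes actually received is what keeps a malformed capture from driving a copy past the end of the datagram.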
Re: [Wireshark-dev] How to get plugin version from myPlugin.dll ?
Thanks, Graham,

that's what I expected to happen, too. But if I hover over the dll (it is Win32, forgot to mention, sorry) it only says application extension. The property tab only lists empty data like title, comment, author. I'm using the VS 6 compiler and the Wireshark 0.99.4 sources. One of the disassemblers I tried reported: Resource Table is Missing.

Any ideas?

Thanks,
Lars

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Graham Bloice
Sent: Wednesday, 9 May 2007 11:41
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] How to get plugin version from myPlugin.dll ?

[EMAIL PROTECTED] wrote:
> Hi,
>
> I wrote some plugin dissectors for different proprietary protocols. As the protocols changed, I changed the plugin versions in moduleInfo.h, too. Now I have a bunch of dlls named myPlugin.dll, but I can't determine their version string. My plugins' versions are listed in Wireshark-About-Plugins, but how can I determine them just from the dlls? I tried several disassemblers, but didn't find the version string. Could you give me a hint?

Win32 or other? For win32 the info should be built into the resources in the dll and is displayed in the tooltip when you hover your mouse over the dll in an Explorer window. You can see more if you right click on the dll and select properties and go to the version tab.

--
Regards,
Graham Bloice
Software Developer
Trihedral UK Limited
Tel: +44 (0)1224 258910