Hi William,
please excuse I didn't see you mail earlier - I'm using this mail
account for several mailinglists, so there is high traffic in it. In
case anyone wants to send me a mail and wants to be sure I read it, it
can be sent to - let's say - "tipc AT izac DOT de".
I added the possibility to dissect TIPCv2 data in June. This was too
late for the 0.99.6 version of Wireshark so you have to take it from
SVN. You can just copy epan/dissectors/packet-tipc.c from there.
Additionally I added the dissection of bundler messages. Reassembling
of v2 fragmented packages is the next task I'm planning to do. Please
let me know if anyone needs that, that will speed things up.
Now you can add a dissector for an specific port name by adding the
following to your "handoff" function:
dissector_add("tipcv2.port_name_type", my_port_n_type, my_protocol_handle);
Since - anyone please correct me if I'm wrong - there could be "Direct
Addressed Messages" which have *no* port name set, I additionally
added the option just to trigger for all TIPC messages containing
data. This was ok for a simple plugin I wrote since I was only using
one protocol encapsulated in TIPC messages in my network. I also used
several port names and was too lazy to always change settings. You can
trigger them by doing:
dissector_add("tipc.usr", 2, vsim_handle);
Could anyone clarify for what reason "Directed Addressed Messages"
could occure, I acctually never traced them.
I coded the option to use heuristic dissectors for you and will send
you a patch in a seperate, direct mail so you can evaluate that. I'll
also attach the plugin I wrote to dissect encapsulated data by
triggering for "tipc.usr" and a sample trace.
Best regards,
Martin
On 9/13/07, Kinahan, William P SIK <[EMAIL PROTECTED]> wrote:
>
>
>
> I'm trying to build a dissector plug-in for my protocol which utilizes TIPC.
> It appears that the current TIPC package for Wireshark doesn't support
> heuristic subdissectors. Has anyone out there built one of these? Would you
> be willing to share your solution or suggestions? My goal is to key off the
> "tipcv2.port_name_type" field which will trigger my dissector.
>
> I've tried emulating what I see in the UDP package provided with Wireshark,
> but I'm unable to get it working.
>
> Bill Kinahan
> Chief Software Architect
> Sikorsky Aircraft
> (203)386-3551
> Fax (860)998-5575
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> tipc-discussion mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/tipc-discussion
>
>
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
tipc-discussion mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tipc-discussion
