This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Custom Dissector help!


I've got an interesting problem.

I need to create a dissector for a custom protocol. The protocol is very simple and is designed to work on a point-to-point link as follows.

1 DWORD (32 bits) of Header, the lowest 16 bits of which are a sequence number. Multiples of 8 DWORDS which represent Data samples.

I've got the header dissection working, but I can't work out a neat way of chunking up the Data into samples (32 byte chunks following the header).

I've already read the README.developer but couldn't see anything that looks like what I want to do. If anyone could point towards some documentation or an example protocol that would be great.

Thanks in advance!

asked 18 Sep '12, 04:21

CTNOBLE

edited 18 Sep '12, 08:41

How are you capturing the data? Or: is the captured data being read from a file? Or what?

If the data is being read from a file, what is the format?

How much data is your dissector receiving each time it is called? 1 DWORD?

Basically: more information on your setup will help to provide a better answer...

(18 Sep '12, 06:08) Bill Meier ♦♦

Sorry, data is being generated by a packet simulator and echoed on the local loopback device. It will eventually come from the hardware but right now I have to create the dissector so it's best to not have potentially buggy hardware in the loop.

(18 Sep '12, 08:31) CTNOBLE

One Answer:


You say a DWORD is 32 bits (4 bytes) and that there are multiples of 8 DWORDS following the header, so 8 * 4 = 32 bytes, but then you say you want to chunk the data samples into 64 byte chunks? I'll assume somewhere there's a typo and just pick 32 bytes for the chunk size. If it's 64 byte chunks you want, then it's trivial to change.

So, given:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Sequence Number      |          Unknown              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +                          Data Chunk 1                         +
   |                                                               |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   /                                                               /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +                          Data Chunk N                         +
   |                                                               |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

If the field I've marked above as Unknown is some sort of a length field that you can use to determine the number of chunks, or perhaps a count of the number of chunks, then use that to loop; otherwise, you might use something like the following (Warning: completely untested):

    #define CHUNK_SIZE    32

    /* offset starts just past the 4-byte header; i numbers the chunks from 1 */
    for (i = 1; tvb_reported_length_remaining(tvb, offset) >= CHUNK_SIZE; offset += CHUNK_SIZE, i++) {
        proto_tree_add_bytes_format(tree, hf_yourproto_data, tvb, offset, CHUNK_SIZE, NULL,
            "Data Chunk %u: %s", i, tvb_bytes_to_str(tvb, offset, CHUNK_SIZE));

        /* Or use tvb_bytes_to_str_punct() ... see epan/tvbuff.h for details */
    }

answered 18 Sep '12, 08:09

cmaynard ♦♦

Sorry, yes, 64 was a typo (I’m too used to working with Hex nibbles).

The unknown field is currently reserved (this may change in future to provide more information on the chunk size, but never the full packet size.) The protocol is basically sitting in layer 1 and packet begin/end is managed by hardware, similar to ETHERNET.

This looks great! Thanks for the pointers to the string functs.

I’ve got something that works for me now.

Thanks guys!

(18 Sep '12, 08:34) CTNOBLE
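
The loop in the answer stops as soon as fewer than 32 bytes remain, so a frame with stray trailing bytes would be displayed with no sign that it is malformed. The following is an added example, not code from this thread or from Wireshark: it models the same loop over a plain byte buffer and reports the leftover byte count so a dissector can flag it. `walk_frame`, `parse_sample` and `struct frame_info` are hypothetical names, and the little-endian header DWORD is an assumption the thread does not state.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HEADER_SIZE 4    /* one DWORD */
#define CHUNK_SIZE  32   /* eight DWORDs per data sample */

struct frame_info {
    uint16_t seq;       /* low 16 bits of the header DWORD */
    unsigned chunks;    /* complete 32-byte samples found */
    size_t   trailing;  /* bytes after the last complete sample */
};

/* Walks the frame the way the answer's loop does, printing one line per
 * chunk. Returns 0 on success, -1 if the header itself is truncated.
 * Assumption: the header DWORD is little-endian on the wire. */
int walk_frame(const uint8_t *buf, size_t len, struct frame_info *out)
{
    size_t offset = HEADER_SIZE;
    unsigned i;

    if (buf == NULL || out == NULL || len < HEADER_SIZE)
        return -1;
    out->seq = (uint16_t)(buf[0] | (buf[1] << 8));
    /* offset never exceeds len, so len - offset cannot wrap around */
    for (i = 1; len - offset >= CHUNK_SIZE; offset += CHUNK_SIZE, i++)
        printf("Data Chunk %u: offset %zu, first byte 0x%02x\n",
               i, offset, buf[offset]);
    out->chunks = i - 1;
    out->trailing = len - offset;   /* non-zero means a malformed frame */
    return 0;
}

/* Constructed sample: sequence 0x1234, two full chunks, `extra` stray bytes. */
int parse_sample(size_t extra, struct frame_info *out)
{
    uint8_t frame[HEADER_SIZE + 3 * CHUNK_SIZE] = { 0x34, 0x12 };
    if (extra >= CHUNK_SIZE)
        return -1;
    return walk_frame(frame, HEADER_SIZE + 2 * CHUNK_SIZE + extra, out);
}

int main(void)
{
    struct frame_info fi;
    if (parse_sample(5, &fi) == 0)
        printf("seq=0x%04x chunks=%u trailing=%zu\n", fi.seq, fi.chunks, fi.trailing);
    return 0;
}
```

In a real dissector the non-zero `trailing` case is where an expert-info or malformed-packet item would be added to the tree.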