Wireshark mailing list archives
Re: Multiple messages in one UDP packet
From: Roland Knall <rknall () gmail com>
Date: Fri, 18 Mar 2011 14:14:24 +0100
Hello
In my dissector, which will hopefully be added to the main repository,
I repeatedly call the dissect function to achieve exactly that
functionality.
Basically you have a two-step situation. You write a main
dissect_PROTO routine, which will be called by the UDP dissector to
dissect the data.
In it, you extract the first frame from your tvb block and create a
new one by the use of
next_tvb = tvb_new_subset(message_tvb, frameOffset, frameLength, reported_len);
frameOffset would be the start of the frame in the UDP payload,
frameLength would be the length of the frame, and reported_len you can
get by calling
reported_len = tvb_reported_length_remaining(message_tvb, 0);
With that information you call a second dissect_PROTO_subset function:
dissect_PROTO_subset(next_tvb, pinfo, tree);
which operates like any other dissect function.
Repeat the step for every frame in the UDP payload.
regards, Roland
On Fri, Mar 18, 2011 at 2:08 PM, Chipi <norbert.kocsis () gmail com> wrote:
Hi,

I have to write a dissector for an internal protocol over UDP. In some cases the UDP packets can contain multiple messages (only full messages, so there won't be any message split up into two UDP packets), and I would like to know if there is a way to display multiple messages from a UDP packet, like the MySQL dissector does over TCP? (it uses tcp_dissect_pdus, but as I saw, there are no similar functions for UDP) I looked around but I couldn't figure out how to call my dissector multiple times for the same packet.

So it should look like this:

-- FRAME
-- ETHERNET II FRAME
-- IP FRAME
-- UDP FRAME
-- MY PROTOCOL FRAME
-- MY PROTOCOL FRAME
-- MY PROTOCOL FRAME
-- MY PROTOCOL FRAME

Thanks in advance!
Chipi
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
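The "repeat the step for every frame in the UDP payload" loop from the reply above, as an added example that is not part of the original messages or of Wireshark's code. It uses a plain byte buffer in place of a tvb and assumes a hypothetical frame format (2-byte big-endian body length, then the body); `split_frames`, `frame_cb`, `count_bytes` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 2  /* assumption: 2-byte big-endian length of the body that follows */

/* Stand-in for dissect_PROTO_subset(): receives exactly one frame. */
typedef void (*frame_cb)(const uint8_t *frame, size_t frame_len, void *ctx);

/* Walk every frame in one UDP payload, as the main dissect_PROTO routine would.
 * Returns the number of complete frames passed to cb; *leftover receives the
 * count of trailing bytes that did not form a complete frame. */
static int split_frames(const uint8_t *payload, size_t payload_len,
                        frame_cb cb, void *ctx, size_t *leftover)
{
    size_t frameOffset = 0;
    int frames = 0;

    while (payload_len - frameOffset >= HDR_LEN) {
        size_t body = ((size_t)payload[frameOffset] << 8) | payload[frameOffset + 1];
        size_t frameLength = HDR_LEN + body;
        /* A length that points past the datagram is malformed: stop here
         * instead of handing a frame that extends beyond the payload. */
        if (frameLength > payload_len - frameOffset)
            break;
        cb(payload + frameOffset, frameLength, ctx);  /* one subset per frame */
        frames++;
        frameOffset += frameLength;  /* advances by >= HDR_LEN, so the loop ends */
    }
    *leftover = payload_len - frameOffset;
    return frames;
}

/* Example callback: sums the sizes of the frames it is given. */
static void count_bytes(const uint8_t *frame, size_t frame_len, void *ctx)
{
    (void)frame;
    *(size_t *)ctx += frame_len;
}

/* Constructed sample: "AB", an empty body, "XYZ", then a frame claiming 9 bytes but holding 4. */
static const uint8_t sample[] = { 0, 2, 'A', 'B',  0, 0,  0, 3, 'X', 'Y', 'Z',
                                  0, 9, 'o', 'o', 'p', 's' };

int main(void)
{
    size_t total = 0, leftover = 0;
    int n = split_frames(sample, sizeof sample, count_bytes, &total, &leftover);
    printf("frames=%d bytes=%zu leftover=%zu\n", n, total, leftover);
    return 0;
}
```

In a real dissector the per-frame length would come from the protocol's own header, and the leftover bytes are the part to flag as malformed in the tree.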
