Wireshark mailing list archives

How to parse a protocol with two different PDU types in a single connection?


From: Kaul <mykaul () gmail com>
Date: Sat, 7 Nov 2009 22:27:00 +0200

Hello,

I have a protocol that begins with a PDU of type A ('link' state), then
switches after it performed some negotiation to a PDU type B ('data' state).
I've tried something similar to:
    conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst,
                                     pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
    if (!conversation) {
        conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst,
                                        pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
    }

    myproto_info = (myproto_conversation_t *)conversation_get_proto_data(conversation, proto_myproto);
    if (!myproto_info) {
        /* We don't yet have a conversation, so create one. */
        myproto_info = se_alloc0(sizeof(myproto_conversation_t));
        /* Useful to differ between c2s and s2c packets */
        myproto_info->destport = pinfo->destport;
        myproto_info->pdu_type_A = TRUE;
        conversation_add_proto_data(conversation, proto_myproto, myproto_info);
    }

    if (myproto_info->pdu_type_A == TRUE) {
        /* If we are still in the link state part of the protocol */
        tcp_dissect_pdus(tvb, pinfo, tree, myproto_desegment, 16,
                         get_myproto_link_pdu_len, dissect_myproto_link_pdu);
    } else {
        tcp_dissect_pdus(tvb, pinfo, tree, myproto_desegment, 16,
                         get_myproto_data_pdu_len, dissect_myproto_data_pdu);
    }

And in dissect_myproto_link_pdu():
    if (myproto_info->destport == pinfo->destport) {
        /* dissect C2S messages */
    } else {
        /* S2C messages - and turn off pdu_type_A ! */
        myproto_info->pdu_type_A = FALSE;
    }

This doesn't work well. Once I turn it off, nothing is dissected any more -
as if it won't reach the first tcp_dissect_pdus() line anymore - even for
other conversations.

1. Is my approach correct?
2. Any hint as to what I'm doing wrong here?

TIA,
Yaniv.
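
Added example (not part of the original post and not Wireshark code): Wireshark can dissect the same frame more than once and out of capture order, so a two-phase dissector usually records the frame at which the phase changed rather than flipping a single flag. The stand-alone C model below contrasts the two approaches; every name in it is hypothetical, the trace is constructed, and it assumes the switch falls on a frame boundary.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-alone model, not the Wireshark API: all names here are hypothetical. */
typedef enum { PDU_LINK, PDU_DATA } pdu_kind_t;
typedef struct { uint32_t data_start_frame; /* 0 = boundary not seen yet */ } conv_state_t;
typedef struct { int pdu_type_A; } flag_state_t; /* single-flag approach, for contrast */

/* Record where the link phase ended. Written once, so dissecting the same
 * frame again later cannot move the boundary. */
static void mark_link_done(conv_state_t *cs, uint32_t frame)
{
    if (cs->data_start_frame == 0)
        cs->data_start_frame = frame + 1; /* assumption: switch on a frame boundary */
}

/* Pick the PDU type from the frame number being dissected. */
static pdu_kind_t pdu_kind_for_frame(const conv_state_t *cs, uint32_t frame)
{
    if (cs->data_start_frame != 0 && frame >= cs->data_start_frame)
        return PDU_DATA;
    return PDU_LINK;
}

/* Flag approach: the answer depends on what was dissected last, not on the frame. */
static pdu_kind_t pdu_kind_from_flag(const flag_state_t *fs)
{
    return fs->pdu_type_A ? PDU_LINK : PDU_DATA;
}

int main(void)
{
    /* Constructed trace: frames 1-2 carry link PDUs (2 is the S2C reply),
     * frames 3-4 carry data. Order = one sequential pass, then revisits of 1 and 4. */
    const uint32_t visit[] = {1, 2, 3, 4, 1, 4};
    conv_state_t cs = {0};
    flag_state_t fs = {1};
    for (size_t i = 0; i < sizeof visit / sizeof visit[0]; i++) {
        uint32_t f = visit[i];
        printf("frame %u: by_frame=%s by_flag=%s\n", (unsigned)f,
               pdu_kind_for_frame(&cs, f) == PDU_LINK ? "link" : "data",
               pdu_kind_from_flag(&fs) == PDU_LINK ? "link" : "data");
        if (f == 2) { mark_link_done(&cs, f); fs.pdu_type_A = 0; }
    }
    return 0;
}
```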