Wireshark mailing list archives

Re: Index of multiple protocol frames in one packet?

From: Pascal Quantin <pascal.quantin () gmail com>
Date: Mon, 12 Oct 2015 17:42:54 +0200

2015-10-12 17:35 GMT+02:00 Jeff Morriss <jeff.morriss.ws () gmail com>:

On 10/06/15 02:17, Pascal Quantin wrote:



2015-10-06 8:07 GMT+02:00 Petr Gotthard <petr.gotthard () centrum cz
<mailto:petr.gotthard () centrum cz>>:

    Hello,

    Is there a way to distinguish multiple frames of the same protocol
    in one TCP/IP packet? I have several small AMQP frames which all fit
    into a single IP frame, so they share a single packet_info
    structure.When I call p_add_proto_data() for the second AMQP frame,
    it (obviously) overwrites data stored for the first frame, so I need
    to distibguish between them somehow.

    Is there a counter that would tell me "this is a third AMQP frame in
    this pinfo"? I found packet_info->curr_layer_num, but this is useful
    for nested frames (like IP in IP). Is there something similar for
    groupped frames, please?


Hi Peter,

I'm not sure we have such counter, but
https://code.wireshark.org/review/#/c/10579/ suggested the use of
tvb_raw_offset as key for p_(add|get)_proto_data() functions which seems
a good tradeoff.


Actually there is such a counter in frame_data: subnum.  But it's not
widely used: for now it's only used in EPL, RRC, and UMTS_FP.



Thanks for the hint Jeff (I did not know this one).

It appears that frame_data.c is only setting it to 0, and that increment
need to be handled directly by dissectors. So it means that for a wider
usage, (tcp|udp)_dissect_pdus() function (among others) should be modified
so as to increment it when calling a new subdissector.

Cheers,
Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Index of multiple protocol frames in one packet? Petr Gotthard (Oct 05)
- Re: Index of multiple protocol frames in one packet? Pascal Quantin (Oct 05)
  - Re: Index of multiple protocol frames in one packet? Jeff Morriss (Oct 12)
    - Re: Index of multiple protocol frames in one packet? Pascal Quantin (Oct 12)
    - Re: Index of multiple protocol frames in one packet? Anders Broman (Oct 12)
    - Re: Index of multiple protocol frames in one packet? Jeff Morriss (Oct 12)
- Re: Index of multiple protocol frames in one packet? Anders Broman (Oct 05)