Re: Anyone working on a Syncthing dissector?

[Martin Mathieson via Wireshark-dev <wireshark-dev () wireshark org>]

Hi,

I have a simple dissector (private) which just calls protoc --decode, reads
the output from a pipe and shows the output using "data-text-lines".  In my
environment, I have quite a few protobuf protocols that change often.

I basically have a table whose columns are:
- .UDP port number
-  proto file name
- top-level protobuf message name
And I have a preference that points to the folder that contains the .protof
files and protoc.

I automatically update the list of UDP ports the dissector listens on in
the handoff function.  The dissector looks up by port number and calls
protoc with the appropriate arguments.

I am guessing I am unusual in having multiple 'unstable' protobuf-based
protocols to support on not well-known ports?  Mine is a different use-case
from having a public, stable protocol on a well-known port, but I still
want to be able to see the details of the decode.

Regards,
Martin





On Fri, Nov 9, 2018 at 9:03 AM Maciej Krüger <mkg20001 () gmail com> wrote:

> Hi,
>
> I have written a still WIP (but mostly abandoned) dissector for libp2p
> which also uses protobuf.
>
> https://github.com/mkg20001/libp2p-dissector
>
> This might give you some inspiration. Especially the CMakeLists.txt
> could be useful
>
> https://github.com/mkg20001/libp2p-dissector/blob/master/CMakeLists.txt#L49-L80
>
> I also am using a patched version of protobuf-c which allows getting the
> offsets for each of fields so they can be highlighted in the UI easily:
>
> https://github.com/mkg20001/libp2p-dissector/blob/master/packet-secio.c#L309-L315
>
>
> Maciej
>
>
> Am 09.11.18 um 09:52 schrieb Antoine d'Otreppe:
> > Hi Peter, hi Anders,
> >
> > Thanks for the pointers! I'll look into it and report back here when I
> have more information on the topic.
> > Cheers,
> > Antoine
> >
> >
> >
> >
> > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> > On Friday, November 9, 2018 9:32 AM, Anders Broman <
> anders.broman () ericsson com> wrote:
> > > -----Original Message-----
> > >
> > > > From: Wireshark-dev wireshark-dev-bounces () wireshark org On Behalf Of
> Peter
> > > > Wu
> > > > Sent: den 9 november 2018 00:22
> > > > To: Antoine d'Otreppe a.dotreppe () aspyct org; Developer support list
> for
> > > > Wireshark wireshark-dev () wireshark org
> > > > Subject: Re: [Wireshark-dev] Anyone working on a Syncthing dissector?
> > > > Hi Antoine!
> > > > Based on the specifications for Syncthing, it appears that it uses
> Protobuf
> > > > for defining its messages:
> > > > https://docs.syncthing.net/specs/
> > > > I am not sure how well protobuf is currently supported on Wireshark,
> you
> > > > could scan the issue tracker and code review site to see if there is
> any
> > > > current work in that area.
> > > > Kind regards,
> > > > Peter
> > > > https://lekensteyn.nl
> > > > (pardon my brevity, top-posting and formatting, sent from my phone)
> > > Hi,
> > > I think these pending commits are relevant:
> > > https://code.wireshark.org/review/#/c/22892/
> > > https://code.wireshark.org/review/#/c/23988/
> > >
> > > Regards
> > > Anders
> > >
> > > On November 8, 2018 9:32:50 PM GMT+01:00, Antoine d'Otreppe
> > > a.dotreppe () aspyct org wrote:
> > >
> > > > Hi there,
> > > > I'm interested in learning more about wireshark in general, and in
> > > > particular learning how to make my own dissectors.
> > > > I just happened to find a protocol that doesn't seem to have any
> > > > dissector for it yet: syncthing. https://syncthing.net/ The local
> > > > discovery protocol looks easy enough to begin with, as it is only UDP
> > > > broadcasts.
> > > > Your developer guide recommends to send a mail before starting
> > > > development to check if anyone else would be working on a similar
> > > > topic. That sounds reasonable :)
> > > > Anybody working on that protocol yet?
> > > > Regards,
> > > > Antoine d'Otreppe
> > > Sent via: Wireshark-dev mailing list wireshark-dev () wireshark org
> > > Archives: https://www.wireshark.org/lists/wireshark-dev
> > > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> > > mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
> > >
> > > Sent via: Wireshark-dev mailing list wireshark-dev () wireshark org
> > > Archives: https://www.wireshark.org/lists/wireshark-dev
> > > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> > > mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
> ___________________________________________________________________________
> > Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> > Archives:    https://www.wireshark.org/lists/wireshark-dev
> > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> >              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe