Wireshark mailing list archives

Re: Bypassing the first layer


From: Dario Lombardo <lomato () gmail com>
Date: Tue, 14 Jan 2020 16:47:04 +0100

You can use export_pdu. This is a layer with multiple attributes (see
epan/exported_pdu.h), but the only one really needed is the proto_name, which
allows you to directly call a dissector by its name.
You will have frames with this stack: FRAME/EXPORT PDU/RTPS, which is
properly dissected by Wireshark.

On Tue, Jan 14, 2020 at 4:33 PM Juanjo Martin Carrascosa <juanjo () rti com>
wrote:

Hi everyone,

RTPS is a protocol already supported by Wireshark. I have been helping
maintain that protocol these past years. It sits on top of TCP and UDP, as
well as some other transports that are not network ones (Shared Memory
typically with a proprietary implementation).

We are currently working on implementing a new logging mechanism for our
product, mainly to address the Shared Memory scenario but it can also be
really useful when RTPS is used on top of network protocols.

Problem: We can log the RTPS layer but we don't have some information in
our middleware like the Frame or Ethernet information, so we need to make
it up. This is ugly, so I am trying to avoid that:

How can I register a protocol so it is picked up instead of the Frame
layer? That is, I want to create a new protocol that detects that the
information we generate is for that protocol, so that the Frame protocol is not
called, but rather the new protocol I am creating. This new protocol will then
call the RTPS protocol to dissect the payload I want to display. We are
planning to also add some information to this custom protocol, which is why I
want it to be called first.

Note: I just came up with this solution, but if you have a different
solution for this, please let me know.

Thanks,
Juanjo Martin
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe



-- 

Naima is online.
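The approach Dario describes can be checked end to end without touching Wireshark's C code: write the logged RTPS PDUs into a pcap file whose link type is LINKTYPE_WIRESHARK_UPPER_PDU (252), prefixing each PDU with an Exported PDU option list that carries only EXP_PDU_TAG_PROTO_NAME. The following Python script is an added example written for this thread, not code from the list, from Wireshark or from RTI. It assumes the RTPS dissector is registered under the name "rtps", that Exported PDU option values are padded to a 4-byte boundary with the padding counted in the length field (as Wireshark's own writer does), and the RTPS bytes it embeds are a constructed 20-byte header placeholder, not a real PDU.

```python
"""Wrap raw RTPS PDUs (e.g. logged from a shared-memory transport) as pcap
records of link type LINKTYPE_WIRESHARK_UPPER_PDU so that Wireshark shows the
stack FRAME / EXPORTED PDU / RTPS without any fabricated Ethernet/IP headers.
Added example for the wireshark-dev thread; not Wireshark or RTI code."""
import struct

# Tag numbers come from Wireshark's epan/exported_pdu.h; the link type from
# the tcpdump.org link-layer type registry.
LINKTYPE_WIRESHARK_UPPER_PDU = 252
EXP_PDU_TAG_END_OF_OPT = 0
EXP_PDU_TAG_PROTO_NAME = 12
PCAP_MAGIC = 0xA1B2C3D4

# Constructed placeholder: "RTPS" magic, protocol version 2.3, a zeroed vendor
# id and a zeroed 12-byte GUID prefix. Real captures carry the logged bytes.
SAMPLE_RTPS_PDU = b"RTPS" + b"\x02\x03" + b"\x00\x00" + b"\x00" * 12


def _tlv(tag: int, value: bytes) -> bytes:
    """One Exported PDU option: big-endian 2-byte tag, 2-byte length, value.
    Assumption (mirrors Wireshark's writer): the value is padded to a 4-byte
    boundary and the padding is included in the length field."""
    padded = value + b"\x00" * (-len(value) % 4)
    return struct.pack(">HH", tag, len(padded)) + padded


def build_exported_pdu(proto_name: str, payload: bytes) -> bytes:
    """Record body: option list, end-of-options tag, then the raw PDU.
    proto_name must be the dissector's registered name ("rtps" is assumed)."""
    options = _tlv(EXP_PDU_TAG_PROTO_NAME, proto_name.encode("ascii"))
    options += struct.pack(">HH", EXP_PDU_TAG_END_OF_OPT, 0)
    return options + payload


def parse_exported_pdu(record: bytes):
    """Inverse of build_exported_pdu, useful to sanity-check a written file.
    Returns ({tag: raw value}, payload)."""
    offset, options = 0, {}
    while True:
        tag, length = struct.unpack_from(">HH", record, offset)
        offset += 4
        if tag == EXP_PDU_TAG_END_OF_OPT:
            break
        options[tag] = record[offset:offset + length]
        offset += length
    return options, record[offset:]


def pcap_global_header(linktype: int = LINKTYPE_WIRESHARK_UPPER_PDU,
                       snaplen: int = 65535) -> bytes:
    # magic, version 2.4, thiszone, sigfigs, snaplen, network (link type)
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(data: bytes, ts: float) -> bytes:
    sec = int(ts)
    usec = int(round((ts - sec) * 1_000_000))
    return struct.pack("<IIII", sec, usec, len(data), len(data)) + data


def build_capture(pdus, proto_name: str = "rtps") -> bytes:
    """Whole pcap file for an iterable of (timestamp, rtps_bytes) pairs."""
    out = pcap_global_header()
    for ts, payload in pdus:
        out += pcap_record(build_exported_pdu(proto_name, payload), ts)
    return out


def write_capture(path: str, pdus, proto_name: str = "rtps") -> int:
    """Write the capture to disk; returns the number of records written."""
    pdus = list(pdus)
    with open(path, "wb") as f:
        f.write(build_capture(pdus, proto_name))
    return len(pdus)


if __name__ == "__main__":
    # Two constructed records 1 ms apart; open rtps_export.pcap in Wireshark.
    n = write_capture("rtps_export.pcap",
                      [(1579016400.000, SAMPLE_RTPS_PDU),
                       (1579016400.001, SAMPLE_RTPS_PDU)])
    print(f"wrote {n} Exported PDU records")
```

Opening the resulting file (or running `tshark -r rtps_export.pcap -V`) should show each frame dissected as Frame, Exported PDU and then RTPS, with the placeholder bytes above flagged as a bare header. The extra per-message information Juanjo wants to attach can be carried in further options from epan/exported_pdu.h (addresses, ports) encoded with the same `_tlv` helper, so nothing needs to be made up at the Frame or Ethernet layer.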
