This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

conversations and multiplexing

0

How do I write a dissector in this case?
My protocol contains an internal channel number (one UDP stream contains multiple data streams).
Calling another dissector (A), which uses conversations, creates a bug:
[udp.src1->udp.dst1] [myproto.ch==1] SomeData1ForAnotherDissector1(X)
[udp.src1->udp.dst1] [myproto.ch==2] SomeData2ForAnotherDissector1(Y)
[udp.src1->udp.dst1] [myproto.ch==1] SomeData1ForAnotherDissector2(Z)
[udp.src1->udp.dst1] [myproto.ch==2] SomeData2ForAnotherDissector2(W)
But dissector A knows only about one stream, XYZW.

asked 22 Jul '15, 02:31

Andrew Chernyh

So your protocol runs over UDP, and other protocols run over it? And a single UDP conversation carrying your protocol can have different subprotocols for different channels in your protocol?

(22 Jul '15, 13:15) Guy Harris ♦♦

Yes. My answer is about the TDMoP protocol dissector. The protocol header contains the source and dest TDM channel, and they are independent. I think that the tdmoe protocol dissector has the same trouble: a subaddress for channel identification. Calling lapd_handle (lapd-bitstream) will give a wrong result when multiple streams (same source MAC, dest MAC, but not the same subaddress) are captured.

(22 Jul '15, 20:00) Andrew Chernyh

One Answer:

0

You'll need to pass the channel number from your dissector to dissector A, and have it use both the UDP conversation and channel number to determine which subdissector to call.

Ideally, the libwireshark notion of conversations would be more general, and your dissector would create a TDMoP conversation which would be indexed by source and destination IP addresses, source and destination ports, and the channel number, and a dissector could be associated with a TDMoP conversation.

answered 23 Jul '15, 14:33

Guy Harris ♦♦
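The keying described in the answer above, shown as an added stand-alone C model (not code from the thread and not using libwireshark): per-stream state for "dissector A" is looked up either by the UDP conversation alone or by the conversation plus the channel number, and the question's four packets are replayed through both. All names (stream_key, stream_get, run_capture), the addresses, ports and one-byte payloads are hypothetical and constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical key: the UDP conversation plus the inner channel number. */
struct stream_key { uint32_t src, dst; uint16_t sport, dport, channel; };
/* State that "dissector A" keeps per stream between packets. */
struct stream { struct stream_key key; int used; char data[32]; };
static struct stream table[8];

static int key_eq(const struct stream_key *a, const struct stream_key *b) {
    return a->src == b->src && a->dst == b->dst && a->sport == b->sport &&
           a->dport == b->dport && a->channel == b->channel;
}

/* Find or create state; use_channel == 0 keys on the UDP conversation alone. */
static struct stream *stream_get(struct stream_key key, int use_channel) {
    if (!use_channel) key.channel = 0;
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        /* Slots fill in order and are never freed: a free slot means no match. */
        if (!table[i].used) { table[i].key = key; table[i].used = 1; }
        if (key_eq(&table[i].key, &key)) return &table[i];
    }
    return NULL; /* table full */
}

/* Replay the question's four packets (constructed payloads) through dissector A. */
static const char *run_capture(int use_channel, uint16_t want_channel) {
    static const struct { uint16_t ch; char byte; } pkts[] = {
        {1, 'X'}, {2, 'Y'}, {1, 'Z'}, {2, 'W'} };
    struct stream_key k = { 0x0a000001, 0x0a000002, 5000, 5001, 0 };
    memset(table, 0, sizeof table);
    for (size_t i = 0; i < sizeof pkts / sizeof pkts[0]; i++) {
        k.channel = pkts[i].ch;
        struct stream *s = stream_get(k, use_channel);
        if (s && strlen(s->data) + 1 < sizeof s->data)
            s->data[strlen(s->data)] = pkts[i].byte;
    }
    k.channel = want_channel;
    struct stream *s = stream_get(k, use_channel);
    return s ? s->data : "";
}

int main(void) {
    printf("conversation only: %s\n", run_capture(0, 1));
    printf("channel 1: %s\n", run_capture(1, 1));
    printf("channel 2: %s\n", run_capture(1, 2));
    return 0;
}
```

In a real dissector the same effect comes from handing the channel number to the subdissector and having it index its per-conversation state by that number as well.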