dmanderson's profile - activity

2024-03-12 13:31:59 +0000 received badge  Notable Question (source)
2023-06-14 14:48:44 +0000 received badge  Notable Question (source)
2023-06-14 14:48:44 +0000 received badge  Popular Question (source)
2022-04-24 13:32:32 +0000 received badge  Notable Question (source)
2022-04-24 13:32:32 +0000 received badge  Popular Question (source)
2022-03-25 10:55:45 +0000 received badge  Famous Question (source)
2021-05-14 10:21:39 +0000 received badge  Popular Question (source)
2021-04-23 06:58:11 +0000 received badge  Notable Question (source)
2021-02-12 08:44:53 +0000 received badge  Popular Question (source)
2020-08-18 16:51:07 +0000 edited answer Dissector Header Labels

Figured it out by looking at PROTOABBREV.c again and trying several combinations. You'll want to add a declaration to t

2020-08-18 16:50:30 +0000 commented answer Dissector Header Labels

Thanks! Updated answer to reflect that.

2020-08-17 21:03:26 +0000 edited answer Dissector Header Labels

Figured it out by looking at PROTOABBREV.c again and trying several combinations. You'll want to add a

2020-08-17 21:02:59 +0000 edited answer Dissector Header Labels

Figured it out. You'll want to add a declaration to the static hf_register_info hf[] array that contains the following

2020-08-17 21:02:00 +0000 commented answer Dissector Header Labels

Figured it out.

2020-08-17 21:01:36 +0000 answered a question Dissector Header Labels

Figured it out. You'll want to add a declaration to the static hf_register_info hf[] array that contains the following

2020-08-14 15:40:52 +0000 commented answer Dissector Header Labels

@Jaap So based on that file I've tried several options, but nothing seems to be exactly what I'm looking for, though so

2020-08-14 15:39:47 +0000 commented answer Dissector Header Labels

@Jaap So based on that file I've tried several options, but nothing seems to be exactly what I'm looking for, though so

2020-08-14 15:37:26 +0000 commented answer Dissector Header Labels

So based on that file I've tried several options, but nothing seems to be exactly what I'm looking for, though some come

2020-08-12 19:27:45 +0000 commented answer Dissector Header Labels

Will look at this again, thanks. Will update once I've had some time to go over the file.

2020-08-12 16:55:45 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@grahamb @Guy Harris @Pascal Quantin Thank you all for your help so far. I've gone ahead and accepted this answer since

2020-08-12 16:55:28 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@grahamb @Guy Harris @Pascal Quantin Thank you all for your help so far. I've gone ahead and accepted this answer since

2020-08-12 16:53:51 +0000 asked a question Dissector Header Labels

Dissector Header Labels Hello. I have written a dissector for a subset of a protocol called TC that has two subfields. L

2020-08-12 15:01:42 +0000 marked best answer Debugging Dissector Read and Dissector Handoff Issue

EDIT: As problems have been solved, I've reduced the amount of code shown to make it easier to pinpoint potential issues. Thanks to Pascal Quantin, Guy Harris, and grahamb for all their help so far.

Background:

I've written a dissector for reading a protocol called TC. The subset of this I'm implementing has two headers - a primary header and a segment header. The primary header is 40 bits long, and the segment header is 8 bits long. I will get into more detail as to how the headers are broken down shortly. After parsing the segment header, my intent is to pass the remainder of the packet into the standard Ethernet dissector. This means that the protocol is a link layer protocol. The order of headers is as follows: Primary Header, Segment Header, Ethernet Header, IPv4 header. I've configured this protocol to take WTAP_ENCAP_USER10 and have a pcap configured to meet that type that contains two packets meeting its criteria.

The display in Wireshark recognizes the protocol and mostly has the correct breakdown of the fields, but it has some errors in reading and a problem handing off to Ethernet. For the rest of this question, I'll provide a breakdown of the fields of the two headers and how I've approached dissection+handoff, then talk about the result and what's wrong.

Detail of Protocol: Primary header

The primary header is comprised of eight fields in the following order:

  1. 2 bit version number
  2. 1 bit bypass flag
  3. 1 bit command flag
  4. 2 bit spare field
  5. 10 bit spacecraft_id field
  6. 6 bit virtual_channel_id field
  7. 10 bit length field
  8. 8 bit sequence number field

Items 2, 3, 5, and 6 all have value_string mappings for values to semantic values.

Detail of Protocol: Segment header

The segment header only has two fields, in the following order:

  1. A 2 bit sequence flag field
  2. A 6 bit map_id field - I'll call this map for short.

"dissect_tc" Method

First, I'll show some of the dissect_tc method.

static int
dissect_tc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    //I ASSUME OFFSET IS IN OCTETS
    int          offset          = 0;
    proto_item  *tc_packet;
    proto_tree  *tc_tree      = NULL;
    proto_item  *primary_header  = NULL;
    proto_tree  *primary_header_tree;
    proto_item  *segment_header = NULL;
    proto_tree  *segment_header_tree;
    guint32      first_word; 
    guint16      second_word;
    gint         tc_length;
    gint         length          = 0;
    gint         reported_length; 

    ...
    /* Note - both headers together are 48 bits, so I split the amount I need to process
       into two words - the first 32, and the second 16. This means that the second word 
       actually runs across both headers - it includes the sequence number of 
       the primary header and the entirety of the segment header. */

    first_word = tvb_get_guint32(tvb, 0, ENC_BIG_ENDIAN);
    second_word = tvb_get_guint16(tvb, 4, ENC_BIG_ENDIAN);

    ...(set length correctly)

    tc_packet = proto_tree_add_item(tree, proto_tc_subset, tvb, 0, length, ENC_BIG_ENDIAN);
    tc_tree   = proto_item_add_subtree(tc_packet, ett_tc);

    /* build the tc primary header tree */
    primary_header = proto_tree_add_item(tc_tree, proto_tc_subset, tvb, offset, TC_PRIMARY_HEADER_LENGTH, ENC_NA);
    primary_header_tree = proto_item_add_subtree(primary_header, ett_tc_primary_header);
    proto_tree_add_uint(primary_header_tree, hf_tc_version_number, tvb, offset, 2, first_word);
    //Continue adding items in a similar manner, updating offset as needed until ...
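
The field layout described in the question above, as an added example that is not part of the original post or of Wireshark: a stand-alone parser in plain C (no Wireshark API) that uses the same 32-bit + 16-bit word split and refuses a buffer shorter than the 48 header bits before reading from it. The names `tc_headers`, `tc_parse_headers` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TC_HEADERS_LEN 6 /* 40-bit primary header + 8-bit segment header */

typedef struct {
    uint8_t  version;       /* 2 bits  */
    uint8_t  bypass;        /* 1 bit   */
    uint8_t  command;       /* 1 bit   */
    uint8_t  spare;         /* 2 bits  */
    uint16_t spacecraft_id; /* 10 bits */
    uint8_t  vcid;          /* 6 bits, virtual_channel_id */
    uint16_t length;        /* 10 bits */
    uint8_t  sequence;      /* 8 bits  */
    uint8_t  seq_flags;     /* 2 bits, segment header */
    uint8_t  map_id;        /* 6 bits, segment header */
} tc_headers;

/* Constructed sample: 6 header bytes followed by 2 filler payload bytes. */
static const uint8_t tc_sample[] = { 0x21, 0x55, 0xA8, 0x3F, 0x7B, 0xC5, 0xFF, 0xFF };

/* Returns the payload offset (6) on success, -1 if the buffer is too short. */
int tc_parse_headers(const uint8_t *buf, size_t len, tc_headers *out)
{
    if (buf == NULL || out == NULL || len < TC_HEADERS_LEN)
        return -1;
    /* Big-endian words: w1 = first 32 bits, w2 = sequence number + segment header. */
    uint32_t w1 = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                  ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    uint16_t w2 = (uint16_t)(((unsigned)buf[4] << 8) | buf[5]);
    out->version       = (uint8_t)((w1 >> 30) & 0x3);
    out->bypass        = (uint8_t)((w1 >> 29) & 0x1);
    out->command       = (uint8_t)((w1 >> 28) & 0x1);
    out->spare         = (uint8_t)((w1 >> 26) & 0x3);
    out->spacecraft_id = (uint16_t)((w1 >> 16) & 0x3FF);
    out->vcid          = (uint8_t)((w1 >> 10) & 0x3F);
    out->length        = (uint16_t)(w1 & 0x3FF);
    out->sequence      = (uint8_t)(w2 >> 8);
    out->seq_flags     = (uint8_t)((w2 >> 6) & 0x3);
    out->map_id        = (uint8_t)(w2 & 0x3F);
    return TC_HEADERS_LEN;
}

int main(void)
{
    tc_headers h;
    if (tc_parse_headers(tc_sample, sizeof tc_sample, &h) < 0) return 1;
    printf("scid=%u vcid=%u len=%u seq=%u map=%u\n", (unsigned)h.spacecraft_id,
           (unsigned)h.vcid, (unsigned)h.length, (unsigned)h.sequence, (unsigned)h.map_id);
    return 0;
}
```
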
2020-08-11 18:09:08 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

Bumping since it's been a while and hadn't gotten any replies for a while. If still none, will probably close out this q

2020-07-30 13:20:57 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@Pascal Quantin @grahamb @Guy Harris I've updated the question to reduce the amount of code in it since it's close to so

2020-07-30 13:20:41 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@Pascal Quantin @grahamb @Guy Harris I've updated the question to reduce the amount of code in it since it's close to so

2020-07-29 13:46:06 +0000 edited question Debugging Dissector Read and Dissector Handoff Issue

Debugging Dissector Read and Dissector Handoff Issue EDIT: As problems have been solved, I've reduced the amount of code

2020-07-29 13:40:49 +0000 edited question Debugging Dissector Read and Dissector Handoff Issue

Debugging Dissector Read and Dissector Handoff Issue EDIT: As problems have been solved, I've reduced the amount of code

2020-07-29 13:20:46 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@grahamb @Guy Harris I have no idea how it happened, but there was a problem in my local Wireshark. I fixed that and it

2020-07-28 20:29:32 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@Guy Harris @grahamb I'm sorry it took a while, I had to figure out the best way to upload one. Here's a link to a pc

2020-07-28 20:09:29 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@Guy Harris @grahamb I'm sorry it took a while, I had to figure out the best way to upload one. Here's a link to a pc

2020-07-28 20:07:13 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@Guy Harris @grahamb I'm sorry it took a while, I had to figure out the best way to upload one. Here's a link to a pc

2020-07-20 18:11:06 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

I'll have to upload that somewhere and share a link, I guess. I likely won't be able to do that today. Would an image w

2020-07-20 16:32:57 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@Guy Harris Reading the octets in the "Data" block in a standard format pcap (I had another test network I could use th

2020-07-20 16:32:38 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@Guy Harris Reading the octets in the "Data" block in a standard format pcap (I had another test network I could use th

2020-07-20 16:32:19 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@Guy Harris Reading the octets in the "Data" block in a standard format pcap (I had another test network I could use th

2020-07-17 17:19:25 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@grahamb Completely failed - it just says "Data" and just lists the entire rest of the packet's bytes with no formattin

2020-07-17 17:18:31 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

@grahamb Completely failed - it just says "Data" and just lists the entire rest of the packet's bytes with no formattin

2020-07-17 16:39:23 +0000 edited question Debugging Dissector Read and Dissector Handoff Issue

Debugging Dissector Read and Dissector Handoff Issue Background: I've written a dissector for reading a protocol called

2020-07-16 15:27:41 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

3: I've tried withoutfcs and maybefcs. They lead to correct dissection of the ethernet packet, including the eth

2020-07-16 15:19:04 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

3: I've tried withoutfcs and maybefcs. They lead to correct dissection of the ethernet packet, including the eth

2020-07-16 15:17:58 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

3: I've tried withoutfcs and maybefcs. They lead to correct dissection of the ethernet packet, including the eth

2020-07-16 15:17:43 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

3: I've tried withoutfcs and maybefcs. They lead to correct dissection of the ethernet packet, including the eth

2020-07-16 13:34:38 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

3: I've tried withoutfcs and maybefcs. They lead to correct dissection of the ethernet packet, including the eth

2020-07-16 13:34:24 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

3: I've tried withoutfcs and maybefcs. They lead to correct dissection of the ethernet packet, including the ethertyp

2020-07-16 13:33:41 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

3: I've tried withoutfcs and maybefcs. They lead to correct dissection of the ethernet packet, including the ethertyp

2020-07-15 15:24:19 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

Thank you for your reply. I'll address your suggestions in the same order. 1: Currently, omitting some details due to

2020-07-15 15:24:07 +0000 commented answer Debugging Dissector Read and Dissector Handoff Issue

Thank you for your reply. I'll address your suggestions in the same order. 1: Currently, omitting some details due to

2020-07-15 15:23:12 +0000 received badge  Commentator