Wireshark mailing list archives

Handing off payloads to the TCP dissector?


From: Tyson Key <tyson.key () gmail com>
Date: Sun, 19 Jun 2011 01:59:21 +0100

Hi folks,

I'm currently in the process of writing a dissector for Apple's USBMUX
protocol (which encapsulates TCP frames with a non-IP-based 8 byte header),
as used by their seemingly ubiquitous iProduct family.

So far, I've managed to dissect the "TCP port" and packet length portions of
the header - although I'm struggling to actually deal with the TCP payload
(which is obviously the interesting bit). I don't see any reason as to why
it shouldn't be possible though, given that I can extract the payload from a
USB packet and use it to create a trace file with text2pcap plus a custom
user-defined DLT value, which can be parsed in Wireshark by adding a new
DLT_USER rule that skips the 8 byte preamble...

Having looked at the IPv4 and TCP dissectors for inspiration, I decided to
add "dissector_add_uint("usbmux.data", IP_PROTO_TCP, tcp_handle);" to the
"proto_reg_handoff_tcp(void)" method in packet-tcp.c - which results in a
successful build; although Wireshark bails out during launch with
"ERROR:packet.c:719:dissector_add_uint: assertion failed: (sub_dissectors)".
I've also attempted to remove "IP_PROTO_TCP" from the aforementioned
addition - although it predictably causes a build error.

I've also briefly skimmed the header files for the IPv4 and TCP dissectors,
and planned on trying tcp_dissect_pdus() - although I (probably
misleadingly) get the impression that it relates to an internal mechanism
for parsing chunks of packets by higher-level (than IP or TCP itself)
dissectors, instead.

Any thoughts from others who are more experienced with that portion of the
codebase?

In the meantime, I've published my rough initial attempt at
https://bitbucket.org/vmlemon/usb_isi_dissector_for_wireshark/src/7c4567e148e1/usbmux/packet-usb-apple-usbmux.c
.

Thanks in advance,

Tyson.

-- 
Fight Internet Censorship!
http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon |
00447934365844
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
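As an added example that is not from the post or from Wireshark's own code: the hand-off the post is after is normally done by fetching the TCP handle with find_dissector("tcp") in the handoff routine and passing a sub-tvbuff of the payload to call_dissector(), rather than by adding to a dissector table (dissector_add_uint asserts here because no table named "usbmux.data" was ever registered with register_dissector_table). The stand-alone C program below shows the framing step that feeds that call: it carves the TCP segment out of a USBMUX frame with the length checks a dissector needs, and walks several back-to-back frames. The 8-byte header layout (4-byte port, then 4-byte total length including the header, both big-endian) and the sample bytes are assumptions made for the example and are not given in the post.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed framing (not from the post): 8-byte big-endian header, 4-byte port then
 * 4-byte total length (header included), followed by the raw TCP segment. In the
 * dissector that segment is the tvb_new_subset_remaining(tvb, 8) handed to the
 * handle from find_dissector("tcp") via call_dissector(). */
#define USBMUX_HDR_LEN 8

typedef struct {
    uint32_t port, length;    /* header fields, host byte order */
    const uint8_t *payload;   /* start of the encapsulated TCP segment */
    size_t payload_len;
} usbmux_frame;

static uint32_t be32(const uint8_t *p) { return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]; }

/* Parse one frame from buf[0..avail). Returns bytes consumed, 0 if the frame is
 * incomplete (a dissector would ask for reassembly), -1 if the header is malformed.
 * The length is validated before any byte beyond the header is used. */
static long usbmux_parse(const uint8_t *buf, size_t avail, usbmux_frame *out) {
    if (avail < USBMUX_HDR_LEN) return 0;
    uint32_t len = be32(buf + 4);
    if (len < USBMUX_HDR_LEN) return -1;  /* cannot even cover its own header */
    if (len > avail) return 0;             /* rest arrives in a later transfer */
    out->port = be32(buf);
    out->length = len;
    out->payload = buf + USBMUX_HDR_LEN;
    out->payload_len = len - USBMUX_HDR_LEN;
    return (long)len;
}

/* Walk back-to-back frames (one USB bulk transfer may carry several). Returns the
 * number of complete frames; *leftover is the unparsed tail still waiting for data. */
static int usbmux_count_frames(const uint8_t *buf, size_t avail, size_t *leftover) {
    int n = 0; size_t off = 0; usbmux_frame f;
    for (long used; (used = usbmux_parse(buf + off, avail - off, &f)) > 0; n++)
        off += (size_t)used;
    *leftover = avail - off;
    return n;
}

/* Constructed sample: two complete frames on port 0xF27E (4- and 2-byte payloads),
 * then a frame whose header promises 16 bytes although only 10 have arrived. */
static const uint8_t usbmux_sample[] = {
    0x00,0x00,0xF2,0x7E, 0x00,0x00,0x00,0x0C, 0xAA,0xBB,0xCC,0xDD,
    0x00,0x00,0xF2,0x7E, 0x00,0x00,0x00,0x0A, 0x11,0x22,
    0x00,0x00,0xF2,0x7E, 0x00,0x00,0x00,0x10, 0x01,0x02
};
```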
