Hi,

I also have another problem: if I open a dump, select a frame, and press 'END', I move to the end of the dump. At this point all the frames between the first few frames and the last few frames are not decoded, so I can't correctly decode the last frame. The question is: how can I walk through all the frames that would be passed to the dissector if we looked at the frames one by one?

On Mon, Dec 19, 2011 at 03:42:05PM +0100, Jaap Keuter wrote:
> On 2011-12-18 14:17, Andriy Beregovenko wrote:
>
> > Hi,
> >
> > I'm now writing a dissector for some kind of traffic. I already have
> > basic knowledge of dissector writing, so a first primitive version is
> > already done. But now, when I try to complete a fully featured version
> > of the dissector, I've got many troubles with the routine. So I'm
> > looking for good advice from experienced developers.
> >
> > First of all, let me describe my traffic a little:
> > - most of the traffic is encrypted (with rc4) + compressed (with mppc);
> >   only a few start frames are not encrypted;
> > - a few start frames (or packets) have the rc4 key inside them;
> >
> > So I do the following. When I dissect traffic, I look for the first
> > frames, read the rc4 keys from them and put them into a static
> > variable, so all other frames (packets) can now be correctly
> > decrypted. But I need to decompress (with MPPC), and here I got my
> > troubles, because I can decompress only 'linearly' incoming data (this
> > is an MPPC-specific feature), so I'm stuck here. Please point me to the
> > right way to implement such a type of dissector.
> >
> > --
> > Best regards, Andriy 0xBDDBDAE3
>
> Hi,
>
> Two things to be aware of:
> 1. Using statics to store dissection related data (key material in your
>    case) is bad style. Why? Imagine what happens when there are two
>    streams in your capture. Which key are you going to store?
>
> 2. You have to be aware that Wireshark accesses frames in random order
>    all the time. Only the first pass is sequential.
>
> Because of 1. there is the notion of 'conversations'. Per conversation
> you can store protocol related data (your key). Every time you are asked
> to dissect a packet (remember, this can be in random order!), you have
> access to this stored data, in your conversation data.
>
> Because of 2. you can set up your conversation data (your key) on the
> first pass (see PINFO_FD_VISITED macro) and use it later on.
>
> Read through doc/README.developer for these subjects.
>
> Thanks,
> Jaap
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

--
Best regards, Andriy 0xBDDBDAE3
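
The pattern from Jaap's reply, as an added example that is not part of the thread and is not Wireshark API code: a self-contained C model in which `conv_state` and `frame_cache` (hypothetical names) stand in for conversation data and the PINFO_FD_VISITED check, and a toy stateful transform stands in for RC4+MPPC. Saving each frame's decoded bytes during the sequential first pass is an assumption added here; the thread itself only covers storing the key.

```c
#include <stdint.h>
#include <string.h>
#define MAX_FRAMES 8
#define MAX_LEN    16
/* Per-stream state (the role conversation data plays). Names are hypothetical. */
typedef struct { uint8_t key, history; int have_key; } conv_state;
/* Per-frame result saved on the first pass, so revisits never re-run the decoder. */
typedef struct { int visited; size_t len; uint8_t plain[MAX_LEN]; } frame_cache;
static frame_cache cache[MAX_FRAMES];

/* Toy stand-in for RC4+MPPC (not the real algorithms): each byte depends on the
 * key and on all earlier plaintext, so frames must be processed in capture order. */
static void stream_xform(conv_state *c, const uint8_t *in, size_t n,
                         uint8_t *out, int decode) {
    for (size_t i = 0; i < n; i++) {
        out[i] = in[i] ^ c->key ^ c->history;
        c->history = (uint8_t)(c->history + (decode ? out[i] : in[i]));
    }
}

/* May be called for any frame, in any order, any number of times. */
int dissect(conv_state *c, unsigned frame, const uint8_t *data, size_t n,
            const uint8_t **plain) {
    if (frame >= MAX_FRAMES || n == 0 || n > MAX_LEN) return -1;
    frame_cache *fc = &cache[frame];
    if (!fc->visited) {            /* not seen before: touch stream state once */
        fc->visited = 1;
        if (!c->have_key) {        /* cleartext key frame */
            c->key = data[0]; c->history = 0; c->have_key = 1;
        } else {
            stream_xform(c, data, n, fc->plain, 1);
            fc->len = n;
        }
    }
    *plain = fc->plain;            /* revisits are served from the cache */
    return (int)fc->len;
}

/* Constructed capture: frame 0 carries the key, frames 1..3 "AAAA", "BBBB", "CCCC".
 * Returns 1 if frame 3 decodes to "CCCC"; in_order=0 skips frames 1 and 2 first. */
int last_frame_ok(int in_order) {
    static const char *msgs[] = { "AAAA", "BBBB", "CCCC" };
    uint8_t wire[4][MAX_LEN] = { { 0x5a } };
    conv_state tx = { 0x5a, 0, 1 }, rx = { 0, 0, 0 };
    const uint8_t *p;
    memset(cache, 0, sizeof cache);
    for (unsigned f = 1; f <= 3; f++)
        stream_xform(&tx, (const uint8_t *)msgs[f - 1], 4, wire[f], 0);
    for (unsigned f = 0; f <= 3; f++)          /* the sequential first pass */
        if (f == 0 || in_order) dissect(&rx, f, wire[f], f ? 4 : 1, &p);
    return dissect(&rx, 3, wire[3], 4, &p) == 4 && memcmp(p, "CCCC", 4) == 0;
}
```

`last_frame_ok(0)` reproduces the failure from the question: frame 3 is decoded without the history built up by frames 1 and 2, so its bytes come out wrong.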