
dissector length


Hello,

For some custom dissector I have the following situation: (unfortunately, it doesn't allow me to upload a file. @moderators, please assist with that)

I have a message built from submessages. Those submessages have different IDs and lengths. Those submessages do not necessarily exist in each message, and not in the same location. For example:

 - message(Header, submessage1(id1, length1), submessage2(id2, length2),submessage3(id3, length1),...,submessageN(idN, lengthN), Checksum)
 - message(Header, submessage17(id17, length10), submessage3(id3, length1),submessage5(id5, length5),...,submessageN(idN, lengthN),Checksum)

I'd like to write a dissector for that message. The best solution that I see is that I will have a while loop in which it will check the message ID and call the submessage parsing.

I'd be glad if one can give me some hints on the implementation aspect.

Working with LUA dissection

Thank you

BMWE
asked 2019-03-24 09:00:48 +0000, updated 2019-03-24 11:00:30 +0000

Comments

You can post a link to your dissector source and any captures.

Most dissectors do something similar, iterate over the packet, reading values and dissecting based on those values. Nothing unusual there.

grahamb (2019-03-24 09:39:59 +0000)

Unfortunately, this is on my internal network (can't get it out). If there are some examples of this, it would be very helpful

BMWE (2019-03-24 09:44:39 +0000)

1 Answer


Have a look at the dissect_ip_options function in packet-ip.c.

That starts with an overall options length value, then loops over the options, reading the option length in each iteration and subtracting that from the overall length until there are no options left.

You could create a similar function for submessages, starting with the remaining length of the packet, then in the loop reading the submessage id and length, processing the submessage and going around the loop again (if there are bytes remaining).

grahamb
answered 2019-03-24 10:57:30 +0000

Comments

Thank you!

Just one comment that I forgot to mention - I'm working with LUA and not C

BMWE (2019-03-24 10:59:52 +0000)

The approach would be similar.

grahamb (2019-03-24 12:46:23 +0000)
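
The loop described in the answer, written as a Wireshark Lua dissector with the on-wire length checked before it is used. This is an added example, not code from the thread or from Wireshark; the 4-byte header, 1-byte ID, 1-byte payload length, 2-byte checksum, the `submsg` names, the handler table and UDP port 9999 are all assumptions.

```lua
-- Added example: every size, name and the UDP port below is an assumption, not from the post.
local HDR_LEN, CKSUM_LEN, SUB_HDR_LEN = 4, 2, 2
local p = Proto("submsg", "Submessage Example Protocol")
local f_hdr   = ProtoField.bytes("submsg.header", "Header")
local f_id    = ProtoField.uint8("submsg.sub.id", "Submessage ID", base.DEC)
local f_len   = ProtoField.uint8("submsg.sub.len", "Submessage Length", base.DEC)
local f_data  = ProtoField.bytes("submsg.sub.data", "Submessage Data")
local f_cksum = ProtoField.uint16("submsg.checksum", "Checksum", base.HEX)
p.fields = { f_hdr, f_id, f_len, f_data, f_cksum }
local e_trunc = ProtoExpert.new("submsg.truncated", "Submessage length exceeds remaining data",
                                expert.group.MALFORMED, expert.severity.ERROR)
p.experts = { e_trunc }
-- Hypothetical per-ID handlers: id -> function(payload_range, subtree)
local handlers = { [3] = function(range, tree) tree:append_text(" (type 3)") end }

function p.dissector(tvb, pinfo, tree)
    local total = tvb:len()
    if total < HDR_LEN + CKSUM_LEN then return 0 end
    pinfo.cols.protocol = "SUBMSG"
    local root = tree:add(p, tvb())
    root:add(f_hdr, tvb(0, HDR_LEN))
    local offset = HDR_LEN
    local limit  = total - CKSUM_LEN              -- submessages end where the checksum starts
    while limit - offset >= SUB_HDR_LEN do
        local id  = tvb(offset, 1):uint()
        local len = tvb(offset + 1, 1):uint()     -- assumed: length counts payload bytes only
        if len > limit - offset - SUB_HDR_LEN then
            -- Never trust the on-wire length: flag the packet and stop instead of reading past the buffer.
            root:add_proto_expert_info(e_trunc)
            break
        end
        local sub = root:add(tvb(offset, SUB_HDR_LEN + len), "Submessage " .. id)
        sub:add(f_id, tvb(offset, 1))
        sub:add(f_len, tvb(offset + 1, 1))
        if len > 0 then
            local payload = tvb(offset + SUB_HDR_LEN, len)
            sub:add(f_data, payload)
            if handlers[id] then handlers[id](payload, sub) end
        end
        offset = offset + SUB_HDR_LEN + len       -- advances by at least 2, so the loop terminates
    end
    root:add(f_cksum, tvb(limit, CKSUM_LEN))
    return total
end

DissectorTable.get("udp.port"):add(9999, p)       -- 9999 is a placeholder port
```

If the real length field counts the whole submessage rather than only the payload, also reject values smaller than the submessage header, otherwise a zero length would stall the loop.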
