Diffstat (limited to 'wireshark_dechunk/README.txt')
-rw-r--r-- | wireshark_dechunk/README.txt | 48 |
1 files changed, 0 insertions, 48 deletions
diff --git a/wireshark_dechunk/README.txt b/wireshark_dechunk/README.txt
deleted file mode 100644
index ab00663..0000000
--- a/wireshark_dechunk/README.txt
+++ /dev/null
@@ -1,48 +0,0 @@
-IDEA STAGE - 04/2013
-
-Add an option to Wireshark (libwireshark / epan) to give hability to dissectors
-to dechunk frames, by creating multiple fake frames each containing part of the
-data from one frame.
-
-Goal is to dechunk SCTP and TCAP on the fly.
-
-===============================================================================
-Options presented to Wireshark / tshark
-
-* dechunk SCTP (default True)
-* dechunk TCAP (default True)
-* save PCAP as dechunked (default False)
-
-===============================================================================
-Code: Insert fake dechunked frames instead of chunked frame
-
-file.c:
-add_packet_to_packet_list(frame_data *fdata, capture_file *cf,
- dfilter_t *dfcode, gboolean create_proto_tree, column_info *cinfo,
- struct wtap_pkthdr *phdr, const guchar *buf,
- gboolean add_to_packet_list)
-
-after epan_dissect_run_with_taps(&edt, phdr, buf, fdata, cinfo);
-if edt.fake_frames:
- for each edt.fake_frame:
- packet_list_append(cinfo, fdata, &edt.pi);
-
-Data passed in frame_data (epan/frame_data.h)
-New methods from frame list manipulation in frame_data_sequence.c
-
-Actual Callgraph
-read_packet
- frame_data_sequence_add
- add_packet_to_packet_list # target function
- epan_dissect_run_with_taps
- dfilter_apply_edt
- packet_list_append
-rescan_packets
- add_packet_to_packet_list # target function
-
-===============================================================================
-Code: Create fake dechunked frames from chunked frame
-
-epan/dissectors/packet-sctp.c
-dissect_sctp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
-pinfo->fd (frame_data) |