Wireshark-dev: Re: [Wireshark-dev] Anyone working on a Syncthing dissector?
From: Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx>
Date: Fri, 9 Nov 2018 09:23:59 +0000
Hi,

I have a simple dissector (private) which just calls protoc --decode, reads the output from a pipe and shows the output using "data-text-lines".  In my environment, I have quite a few protobuf protocols that change often.

I basically have a table whose columns are:
- .UDP port number
-  proto file name
- top-level protobuf message name
And I have a preference that points to the folder that contains the .protof files and protoc.

I automatically update the list of UDP ports the dissector listens on in the handoff function.  The dissector looks up by port number and calls protoc with the appropriate arguments.

I am guessing I am unusual in having multiple 'unstable' protobuf-based protocols to support on not well-known ports?  Mine is a different use-case from having a public, stable protocol on a well-known port, but I still want to be able to see the details of the decode.

Regards,
Martin





On Fri, Nov 9, 2018 at 9:03 AM Maciej Krüger <mkg20001@xxxxxxxxx> wrote:
Hi,

I have written a still WIP (but mostly abandoned) dissector for libp2p
which also uses protobuf.

https://github.com/mkg20001/libp2p-dissector

This might give you some inspiration. Especially the CMakeLists.txt
could be useful
https://github.com/mkg20001/libp2p-dissector/blob/master/CMakeLists.txt#L49-L80

I also am using a patched version of protobuf-c which allows getting the
offsets for each of fields so they can be highlighted in the UI easily:
https://github.com/mkg20001/libp2p-dissector/blob/master/packet-secio.c#L309-L315


Maciej


Am 09.11.18 um 09:52 schrieb Antoine d'Otreppe:
> Hi Peter, hi Anders,
>
> Thanks for the pointers! I'll look into it and report back here when I have more information on the topic.
>
>
> Cheers,
> Antoine
>
>
>
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Friday, November 9, 2018 9:32 AM, Anders Broman <anders.broman@xxxxxxxxxxxx> wrote:
>
>>
>> -----Original Message-----
>>
>>> From: Wireshark-dev wireshark-dev-bounces@xxxxxxxxxxxxx On Behalf Of Peter
>>> Wu
>>> Sent: den 9 november 2018 00:22
>>> To: Antoine d'Otreppe a.dotreppe@xxxxxxxxxx; Developer support list for
>>> Wireshark wireshark-dev@xxxxxxxxxxxxx
>>> Subject: Re: [Wireshark-dev] Anyone working on a Syncthing dissector?
>>> Hi Antoine!
>>> Based on the specifications for Syncthing, it appears that it uses Protobuf
>>> for defining its messages:
>>> https://docs.syncthing.net/specs/
>>> I am not sure how well protobuf is currently supported on Wireshark, you
>>> could scan the issue tracker and code review site to see if there is any
>>> current work in that area.
>>> Kind regards,
>>> Peter
>>> https://lekensteyn.nl
>>> (pardon my brevity, top-posting and formatting, sent from my phone)
>> Hi,
>> I think these pending commits are relevant:
>> https://code.wireshark.org/review/#/c/22892/
>> https://code.wireshark.org/review/#/c/23988/
>>
>> Regards
>> Anders
>>
>> On November 8, 2018 9:32:50 PM GMT+01:00, Antoine d'Otreppe
>> a.dotreppe@xxxxxxxxxx wrote:
>>
>>> Hi there,
>>> I'm interested in learning more about wireshark in general, and in
>>> particular learning how to make my own dissectors.
>>> I just happened to find a protocol that doesn't seem to have any
>>> dissector for it yet: syncthing. https://syncthing.net/ The local
>>> discovery protocol looks easy enough to begin with, as it is only UDP
>>> broadcasts.
>>> Your developer guide recommends to send a mail before starting
>>> development to check if anyone else would be working on a similar
>>> topic. That sounds reasonable :)
>>> Anybody working on that protocol yet?
>>> Regards,
>>> Antoine d'Otreppe
>> Sent via: Wireshark-dev mailing list wireshark-dev@xxxxxxxxxxxxx
>> Archives: https://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>>
>> Sent via: Wireshark-dev mailing list wireshark-dev@xxxxxxxxxxxxx
>> Archives: https://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe