Dsnoi / protobuf-wireshark

Automatically exported from code.google.com/p/protobuf-wireshark
Apache License 2.0
0 stars 0 forks source link

Decode length-prefixed TCP messages #2

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
It would be great if this worked for TCP streams with messages prefixed by
message length.

Original issue reported on code.google.com by dan%remember.this.name@gtempaccount.com on 26 Jul 2009 at 9:33

GoogleCodeExporter commented 8 years ago
I need this too.

-- Ken Sedgwick <ken@bonsai.com>

Original comment by ksedg...@gmail.com on 6 Aug 2009 at 4:21

GoogleCodeExporter commented 8 years ago
How does this fit in with the protobuf framework ? Is there a way to define 
these kinds 
of messages in protobuf ? We can add TCP support if needed. 

Original comment by dear.c...@gmail.com on 23 Mar 2010 at 1:10

GoogleCodeExporter commented 8 years ago
I'm using protobuf to frame protobuf over TCP.
As long as you realize that the Message subtype contains the length, that's not 
even 
particularly hard.
The main problem, from a protobuf protocol point of view, is that the type of 
the 
message isn't specified -- there is no good way to specify it within the 
context of 
protobuf, really. Just assume it's a protobuf payload, and decode id:data.
In fact, if the decoder was just recursively applying itself on the protobuf 
TCP 
stream, it would work fine.

Some variants use a byte, short, long or varint prefixed binary-data encoding 
(big- 
and little-endian, too). You could have different flavors for these:

Protobuf-recursive
Protobuf-varintPrefix
Protobuf-shortPrefix-LE
Protobuf-intPrevis-BE
...

Original comment by jwa...@gmail.com on 4 Jun 2010 at 7:17

GoogleCodeExporter commented 8 years ago
I dont think using message length is a good identifier of message by itself. If 
you are transporting multiple protobuf messages on the same TCP stream what you 
could do is to define a meta message which consists of all the constituent 
protobuf messages as optional fields. That way you can allow protobuf itself to 
do overall decoding instead of having a specific implementation of message 
type. 

Original comment by dear.c...@gmail.com on 22 Jul 2010 at 1:45

GoogleCodeExporter commented 8 years ago
I use the TCP proto as dear.chap described, works very nicely. Does not 
increase the packet size compared to wrapping the message in a special 
meta-packet.

Original comment by markus.r...@gmail.com on 2 Sep 2010 at 2:02

GoogleCodeExporter commented 8 years ago
are there any plans to add TCP support to your plug in?  Thank You

Original comment by rhl...@comcast.net on 16 Jan 2013 at 3:16

GoogleCodeExporter commented 8 years ago
tcp fixed head len is 4 bytes eg:
#define FRAME_HEADER_LEN 4
1. add get_message_len function: wireshared tcp package include head an body;
/* determine PDU length of protocol protobuf */
static guint get_protobuf_message_len(packet_info *pinfo, tvbuff_t *tvb, int 
offset)
{
    /* TODO: change this to your needs */
    guint ntohl_len = (guint)tvb_get_ntohl(tvb, offset); 
    guint letohl_len = (guint)tvb_get_letohl(tvb,offset);
    guint len = ntohl_len;
    if ( letohl_len < len ){
        len = letohl_len;
        }
    return len+FRAME_HEADER_LEN; /* e.g. length is at offset 0, len is body, 4 is head len, wireshark need total len(head+body)*/
}

2. add .body dissect function 

/* This method dissects fully reassembled messages */
static void dissect_protobuf_message(tvbuff_t *tvb, packet_info *pinfo, 
proto_tree *tree)
{
    /* TODO: implement your dissecting code */\
        if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
                col_set_str(pinfo->cinfo, COL_PROTOCOL, "protobuf-tcp");
            }

            /* Clear out stuff in the info column */
            if(check_col(pinfo->cinfo,COL_INFO)){
                col_clear(pinfo->cinfo,COL_INFO);
            }

            if (tree) { /* we are being asked for details */

              /* Always make sure that offset is LESS than maxOffset */
              gint data_len = tvb_length(tvb) - FRAME_HEADER_LEN;
              proto_item * ti = NULL;
              tvbuff_t * next_tvb = tvb_new_subset_remaining (tvb,FRAME_HEADER_LEN);
              //gint maxOffset = tvb_length(next_tvb);

              ti = proto_tree_add_item(tree,proto_protobuf,tvb,0,4,ENC_NA);
              proto_item_append_text(ti, ", Length %d",data_len);
                  wireshark_pb_process_protobuf((void *) tree, pinfo->srcport, pinfo->destport, hf_protobuf, 
                (void *)next_tvb,  (void *)tvb_get_ptr(tvb,FRAME_HEADER_LEN,data_len), data_len);
            }
}

3. modify dissect_protobuf function:

static void dissect_protobuf(tvbuff_t *tvb, packet_info *pinfo, proto_tree 
*tree)
{
    if( pinfo->tcp_tree == NULL)
    {
        dissect_protobuf_udp(tvb,pinfo,tree);

    }else
    {
        tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_HEADER_LEN,
                         get_protobuf_message_len, dissect_protobuf_message);
    }
}

Original comment by cxh3...@gmail.com on 19 Apr 2014 at 2:05

GoogleCodeExporter commented 8 years ago
I'm also using TCP as dear.chap is suggesting.

Original comment by cms...@gmail.com on 28 Jan 2015 at 5:23