Wireshark-dev: [Wireshark-dev] Handing off payloads to the TCP dissector?

From: Tyson Key <tyson.key@xxxxxxxxx>
Date: Sun, 19 Jun 2011 01:59:21 +0100

Hi folks,

I'm currently in the process of writing a dissector for Apple's USBMUX protocol (which encapsulates TCP frames with a non-IP-based 8-byte header), as used by their seemingly ubiquitous iProduct family.

So far, I've managed to dissect the "TCP port" and packet length portions of the header - although I'm struggling to actually deal with the TCP payload (which is obviously the interesting bit). I don't see any reason as to why it shouldn't be possible though, given that I can extract the payload from a USB packet and use it to create a trace file with text2pcap plus a custom user-defined DLT value, which can be parsed in Wireshark by adding a new DLT_USER rule that skips the 8-byte preamble...

Having looked at the IPv4 and TCP dissectors for inspiration, I decided to add "dissector_add_uint("usbmux.data", IP_PROTO_TCP, tcp_handle);" to the "proto_reg_handoff_tcp(void)" method in packet-tcp.c - which results in a successful build; although Wireshark bails out during launch with "ERROR:packet.c:719:dissector_add_uint: assertion failed: (sub_dissectors)". I've also attempted to remove "IP_PROTO_TCP" from the aforementioned addition - although it predictably causes a build error.

I've also briefly skimmed the header files for the IPv4 and TCP dissectors, and planned on trying tcp_dissect_pdus() - although I (probably misleadingly) get the impression that it relates to an internal mechanism for parsing chunks of packets by higher-level (than IP or TCP itself) dissectors, instead.

Any thoughts from others who are more experienced with that portion of the codebase?


Thanks in advance,

Tyson.

--
                                          Fight Internet Censorship! http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon | 00447934365844
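
The workaround described in the message above (a capture written with a user-defined DLT, read back by skipping the 8-byte preamble before the TCP header), as an added Python example that is not part of the original post or of Wireshark's code. It treats the 8 preamble bytes as opaque because the post does not give their layout; the DLT_USER0 choice, the sample frame and its ports are constructed assumptions.

```python
import struct

DLT_USER0 = 147      # first user-defined libpcap link type (assumed choice)
PREAMBLE_LEN = 8     # header size stated in the post; layout treated as opaque
PCAP_MAGIC = 0xA1B2C3D4

def write_pcap(frames, linktype=DLT_USER0):
    """Build a little-endian pcap: 24-byte global header, then one record per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(blob):
    """Return (linktype, [frame, ...]) from a little-endian pcap byte string."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", blob, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap")
    frames, off = [], 24
    while off < len(blob):
        _, _, incl_len, _ = struct.unpack_from("<IIII", blob, off)
        off += 16
        if off + incl_len > len(blob):
            raise ValueError("truncated record")
        frames.append(blob[off:off + incl_len])
        off += incl_len
    return linktype, frames

def tcp_after_preamble(frame, skip=PREAMBLE_LEN):
    """Skip the preamble and decode the TCP header that follows it."""
    if len(frame) < skip + 20:
        raise ValueError("frame too short for preamble plus TCP header")
    sport, dport, seq, ack, off_flags, _win, _csum, _urg = struct.unpack_from(
        "!HHIIHHHH", frame, skip)
    hdr_len = (off_flags >> 12) * 4          # data offset is in 32-bit words
    if hdr_len < 20 or skip + hdr_len > len(frame):
        raise ValueError("bad TCP data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x1FF, "payload": frame[skip + hdr_len:]}

# Constructed sample: 8 opaque preamble bytes, then a 20-byte TCP header
# (ports 49152 -> 5000, PSH|ACK) carrying b"hello".
SAMPLE_FRAME = bytes(PREAMBLE_LEN) + struct.pack(
    "!HHIIHHHH", 49152, 5000, 1, 1, (5 << 12) | 0x018, 8192, 0, 0) + b"hello"

if __name__ == "__main__":
    linktype, frames = read_pcap(write_pcap([SAMPLE_FRAME]))
    print(linktype, [tcp_after_preamble(f) for f in frames])
```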