Wireshark-dev: [Wireshark-dev] How to reassemble split TCP Packets - to group together with ful

From: "Tamas Somogyi" <tsomogyi@xxxxxxxxxxxxxxxxx>
Date: Fri, 17 Jul 2009 12:06:28 +0100
Hi,

Can you please help me with how to group split messages together with the
full messages in the last packet in order to display a complete
description in the info column of the packet?
The problem is that my dissector is called separately for the split
message and for the rest of the messages in the packet.

My protocol is based on TCP/IP, but one packet may contain one or more
variable-length messages (the header of the message specifies the total
length). Typical message layout:

    P1       |    P2    |   P3...
+--+--+--+---|---+--+---|------
|m1|m2|m3|m4a|m4b|m5|m6a|m6b...
+--+--+--+---|---+--+---|------
             |          |

TCP Packet #1 (P1) contains m1, m2 and m3 in full, plus the first few
bytes of m4 (m4a). P2 contains the second part of m4 (m4b), then m5 in
full, and first part of m6, etc.

The goal would be to display e.g. the number of messages in the info
column of the packet:
P1	3 messages (m1,m2,m3)
P2	2 messages (reassembled m4, m5)
P3	...

I implemented my dissector according to Developer's Guide "9.4.2. How to
reassemble split TCP Packets".
In my dissector, get_foo_message_len() returns the size of full messages
in tvb, if it is zero, then it returns the total size of split message.
In the above example, it returns the following in successive calls:
A1. Input: tvb->length=Size(P1), offset=0
	Return: Size(m1)+Size(m2)+Size(m3)
A2. Input: tvb->length=Size(P1), offset=Size(m1)+Size(m2)+Size(m3)
	Return: Size(m4) // = Size(m4a)+Size(m4b)
A3. Input: tvb->length=Size(m4) (!!!), offset=0
	Return: Size(m4)
A4. Input: tvb->length=Size(P2)-Size(m4b), offset=0
	Return: Size(m5)
According to the above, the dissector (dissect_foo_message()) is called
for:
B1. (m1,m2,m3) => I fill the info column of P1 to "3 messages"
B3. (m4) => I fill out the info column of P2 to "1 messages"
B4. (m5) => ooops... another message in P2! Moreover, the info column is
read-only and a fence has been applied!

In my view, the main problem is that get_foo_message_len() gets called
a second time (in step A3) with tvb->length=Size(m4) instead of
Size(m4)+Size(m5)+Size(m6a) - I don't know if it is a bug or
intentional.
In step A2, I don't have any info on P2, so I have to return the size of
m4. But in step A3, the size of tvb is Size(m4) even though P2 is accessed by
the underlying system (packet-tcp?), so it would be great to provide all
the data in tvb and not only the "requested minimum" from A2.

The other solution would be to make the info column somehow accessible
for the second part of the packet (step B4). I tried to play with cinfo,
but no real success and personally I don't think that it would be the
right solution.

Sorry for the long mail, I tried to be as accurate as possible. Maybe
there is a magic flag which solves the problem, although I tried several
methods with no success (e.g. I tried to find out the size of packet,
but found no relation between pinfo and tvb).

Thanks in advance,
Tamas
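The framing described in this mail, as an added stand-alone example that is not part of the original post and not Wireshark's own code: a length-prefixed message stream is cut into three TCP segments exactly as in the m1..m6 diagram above, and a small reassembly loop plays the role of get_foo_message_len() plus the per-PDU loop around it. The message format (a one-byte total-length header), the function names (foo_stream, foo_message_len, foo_process_segment, foo_demo_segment) and the sample bytes are all constructed for the example. It makes the counting problem visible: the messages completed in a segment must be accumulated across every call the loop makes for that segment, and a message whose header arrived in an earlier segment is reported as reassembled rather than lost.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical framing for the example: every message starts with a
 * one-byte header that holds the total message length, header included.
 * This stands in for the "header specifies the total length" protocol
 * described in the mail; it is not a real Wireshark API. */
#define MAX_PENDING 256

typedef struct {
    uint8_t pending[MAX_PENDING]; /* bytes carried over from earlier segments */
    size_t  pending_len;
    int     carried_over;         /* non-zero if pending[] holds an unfinished message */
} foo_stream;

typedef struct {
    int    complete;    /* messages completed while processing this segment */
    int    reassembled; /* of those, how many started in an earlier segment */
    size_t leftover;    /* bytes of a partial message waiting for the next segment */
} seg_result;

void foo_stream_init(foo_stream *s) { memset(s, 0, sizeof *s); }

/* Mirrors get_foo_message_len(): the length of the single PDU that starts
 * at buf[0], or 0 when the header itself has not arrived yet. */
size_t foo_message_len(const uint8_t *buf, size_t avail) {
    if (avail < 1) return 0;
    return buf[0];
}

/* One TCP segment arrives. Completed messages are counted per PDU, and
 * the count is accumulated for the whole segment instead of overwritten. */
seg_result foo_process_segment(foo_stream *s, const uint8_t *seg, size_t seg_len) {
    seg_result r = {0, 0, 0};
    if (s->pending_len + seg_len > MAX_PENDING) return r; /* refuse to overflow */
    memcpy(s->pending + s->pending_len, seg, seg_len);
    s->pending_len += seg_len;

    size_t off = 0;
    while (off < s->pending_len) {
        size_t need = foo_message_len(s->pending + off, s->pending_len - off);
        /* need == 0 would be a malformed zero-length header: stop rather than spin */
        if (need == 0 || need > s->pending_len - off) break; /* wait for more data */
        r.complete++;
        if (off == 0 && s->carried_over) r.reassembled++;
        off += need;
    }
    /* keep only the unfinished tail (the "m4a"/"m6a" part) for the next segment */
    s->pending_len -= off;
    memmove(s->pending, s->pending + off, s->pending_len);
    s->carried_over = s->pending_len > 0;
    r.leftover = s->pending_len;
    return r;
}

/* Constructed sample stream: m1..m6 with total lengths 3,4,2,6,3,5. */
static const uint8_t foo_sample_stream[] = {
    3, 'a', 'a',                    /* m1 */
    4, 'b', 'b', 'b',               /* m2 */
    2, 'c',                         /* m3 */
    6, 'd', 'd', 'd', 'd', 'd',     /* m4 */
    3, 'e', 'e',                    /* m5 */
    5, 'f', 'f', 'f', 'f'           /* m6 */
};
/* Segment boundaries chosen as in the mail: P1 = m1,m2,m3,m4a; P2 = m4b,m5,m6a; P3 = m6b */
static const size_t foo_sample_cuts[4] = {0, 11, 20, 23};

/* Replays the sample stream from the start and returns the result for
 * segment `index` (0 = P1, 1 = P2, 2 = P3). */
seg_result foo_demo_segment(int index) {
    foo_stream s;
    seg_result r = {0, 0, 0};
    foo_stream_init(&s);
    for (int i = 0; i <= index && i < 3; i++) {
        const uint8_t *seg = foo_sample_stream + foo_sample_cuts[i];
        r = foo_process_segment(&s, seg, foo_sample_cuts[i + 1] - foo_sample_cuts[i]);
    }
    return r;
}

int main(void) {
    /* Prints the kind of summary the mail wants in the info column. */
    for (int i = 0; i < 3; i++) {
        seg_result r = foo_demo_segment(i);
        printf("P%d\t%d messages (%d reassembled, %zu bytes carried to next segment)\n",
               i + 1, r.complete, r.reassembled, r.leftover);
    }
    return 0;
}
```

Running it prints P1 with 3 messages, P2 with 2 messages (one of them the reassembled m4) and P3 with 1 message, matching the table in the mail; the per-segment result is only correct because foo_process_segment keeps counting after the reassembled PDU instead of setting the count once.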