Wireshark-dev: [Wireshark-dev] [PATCH] Adding RTSE reassembly
From: "Stig Bjørlykke" <[email protected]>
Date: Fri, 22 Jun 2007 15:08:39 +0200

This patch adds RTSE reassembly.  The reassembly is done when
receiving a SES MAJOR SYNC POINT, as this indicates the end of the
COTP DT Data stream.  Previous the RTSE dissector was called when
receiving a COTP DT Data fragment with the "last data unit" bit set,
but this does not work with messages fragmented in RTSE.  Reassembly
can be turned off in the preferences.

The RTSE reassembly is a bit magic because of the OCTET_STRING
encapsulation (the data should have been encapsulated in a constructed
OCTET_STRING after reassembly, which is not possible in wireshark
(?)), but this is fixed with calling dissect_rtse_EXTERNAL() instead
of dissect_rtse_RTSE_apdus() for such constructions.

Another feature with this patch is that the info column shows info
from the RTSE content instead of SES "MAJOR SYNC POINT (MAP) SPDU" :)

One disadvantage is that the last RTSE fragment always is 0 bytes (no
data).  Any idea how (and if) this can be fixed?

Attached p772-message-minorsync.pcap with a Military Message showing
this problem.  The message shall be dissected in frame 20.

The patch has been fuzzy tested on OSX.

Graeme Lunt: can you test this patch with your captures?

Stig Bjørlykke

Attachment: packet-ses-pres-rtse.patch.gz
Description: GNU Zip compressed data

Attachment: p772-message-minorsync.pcap.gz
Description: GNU Zip compressed data