Wireshark · Wireshark-dev: Re: [Wireshark-dev] How to reassemble in dissector plugins if fixed len part is split ?

Wireshark-dev: Re: [Wireshark-dev] How to reassemble in dissector plugins if fixed len part is

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Tue, 11 Mar 2008 00:43:11 -0700

Merlin Hooze wrote:

For a disector plugin, if the fixed length part of the message is
split across tcp segments, can wireshark reassemble it?

It should be able to do so. If not, that's a bug. (That's why the sizeof the fixed-length part of the message is passed as an argument totcp_dissect_pdus()).

There were, in at least some Wireshark releases, bugs that caused thatnot to work correctly. Try it with the latest version of Wireshark,and, if it doesn't work, file a bug on bugs.wireshark.org, preferablywith a sample capture file that demonstrates the bug (just includeenough packets to demonstrate the problem - you can throw all otherpackets away, as long as loading the resulting capture shows the problem).

Or the plugin needs to take care of it once the tcp_dissect_pdus() functin returns.
Any examples available to handle this ?

Just use tcp_dissect_pdus() - it should just handle this; you don't needto do anything special, just pass the length of the fixed-length part ofthe message.

Follow-Ups:
- Re: [Wireshark-dev] How to reassemble in dissector plugins if fixed len part is split ?
  - From: John R . Hogerhuis

References:
- [Wireshark-dev] How to reassemble in dissector plugins if fixed len part is split ?
  - From: Merlin Hooze

Prev by Date: Re: [Wireshark-dev] Compiling with a older GTK version
Next by Date: Re: [Wireshark-dev] How to reassemble in dissector plugins if fixed len part is split ?
Previous by thread: [Wireshark-dev] How to reassemble in dissector plugins if fixed len part is split ?
Next by thread: Re: [Wireshark-dev] How to reassemble in dissector plugins if fixed len part is split ?
Index(es):
- Date
- Thread