Wireshark · Wireshark-dev: Re: [Wireshark-dev] reasebling packets

Wireshark-dev: Re: [Wireshark-dev] reasebling packets - dissector question

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Sun, 22 Feb 2009 14:22:12 -0800


On Feb 22, 2009, at 2:14 PM, יוני תובל wrote:

what length exactly shoild  i return in the "get_len" function .
Do i need to return the expecte length of the PDU ?

Yes. That lets tcp_dissect_pdus() know how much data needs to beassembled.

and if so , what is the definition of the PDU (application layerdata + header , or only data )

The PDU (obviously) doesn't include TCP or IP or link-layer headers(given that PDUs for protocols running over TCP can be split acrossTCP segments), but it does include all the fields for the protocolrunning on top of TCP - including any header that gives the length ofthe PDU (for protocols, such as DNS, that run over TCP and packet-oriented transport layers such as UDP).

Follow-Ups:
- Re: [Wireshark-dev] reasebling packets - dissector question
  - From: יוני תובל

References:
- [Wireshark-dev] reasebling packets - dissector question
  - From: יוני תובל
- Re: [Wireshark-dev] reasebling packets - dissector question
  - From: wsgd
- Re: [Wireshark-dev] reasebling packets - dissector question
  - From: יוני תובל
- Re: [Wireshark-dev] reasebling packets - dissector question
  - From: Guy Harris
- Re: [Wireshark-dev] reasebling packets - dissector question
  - From: יוני תובל

Prev by Date: Re: [Wireshark-dev] reasebling packets - dissector question
Next by Date: Re: [Wireshark-dev] reasebling packets - dissector question
Previous by thread: Re: [Wireshark-dev] reasebling packets - dissector question
Next by thread: Re: [Wireshark-dev] reasebling packets - dissector question
Index(es):
- Date
- Thread