Wireshark-dev: Re: [Wireshark-dev] Fwd: dissector question- reasembling packets

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 3 Mar 2009 01:38:22 -0800

On Mar 3, 2009, at 1:12 AM, יוני תובל wrote:

> I've implemented a dissector in the development version of Wireshark and it worked. When I placed the dissector's DLLs in the release version, the dissector failed. I've debugged it, and noticed that the function tcp_dissect_pdus behaves differently between both versions.

> I am using dynamic arrays in my messages.
> That means that it is a bit complicated to fetch the size of the packet from within the data.

Using dynamic arrays, in and of itself, doesn't make it complicated. You could have a protocol with variable-length arrays in the packet, but if, before sending a packet, the protocol implementation computes the full size of the packet, and writes that out at the beginning of the packet, you would only have to use that size field.

If the packet's size cannot be determined except by reading through the entire packet, then you cannot use tcp_dissect_pdus(), and might have to write your own code to reassemble packets. tcp_dissect_pdus() was designed to handle the very-common case where a packet's length can be determined by looking at a small section of the beginning of the packet, and where the packet's length is never ever less than that small section; it's not appropriate for *all* protocols running over TCP - for example, Wireshark uses completely different mechanisms to reassemble HTTP.

> Therefore I am using the function like this:
> tcp_dissect_pdus(tvb, pinfo, tree, TRUE, fixed_size_to_ask, get_message_len, dissect_mprest_irondome_grds_interface);

> And each time I get a maximum size packet, I assume that the message is greater than 1460 bytes and I set fixed_size_to_ask = 1461. In the development version, the next tvb->length I receive is 1460 + "size of the next packet".
> In the release version I receive the actual size I asked for, 1461.

What does your get_message_len routine - which must return the actual size of the packet - return?
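
The contract described in the reply above (a fixed-size header that yields the real PDU length, which is never smaller than that header) is shown below as an added stand-alone C model; it is not Wireshark's code and not code from this thread. The 4-byte header layout, `stream_t`, `stream_feed` and the 4096-byte limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed wire format: 2-byte type, 2-byte big-endian TOTAL length
 * (header included), then payload. */
#define HDR_LEN 4u
#define BUF_MAX 4096u

typedef struct {
    uint8_t buf[BUF_MAX];  /* bytes received but not yet consumed */
    size_t  used;
    int     desynced;      /* set once an impossible length is seen */
} stream_t;

/* Plays the role of the length callback: it reads the fixed header only
 * and returns the actual PDU size, never a guess such as "MSS + 1". */
static size_t get_pdu_len(const uint8_t *hdr)
{
    return ((size_t)hdr[2] << 8) | hdr[3];
}

/* Feed one TCP segment. Calls on_pdu (may be NULL) for each complete PDU.
 * Returns the number of PDUs delivered, or -1 on overflow or bad length. */
int stream_feed(stream_t *s, const uint8_t *seg, size_t len,
                void (*on_pdu)(const uint8_t *pdu, size_t pdu_len))
{
    size_t off = 0;
    int n = 0;

    if (s->desynced || len > BUF_MAX - s->used)
        return -1;
    memcpy(s->buf + s->used, seg, len);
    s->used += len;

    while (s->used - off >= HDR_LEN) {        /* header fully present? */
        size_t plen = get_pdu_len(s->buf + off);
        if (plen < HDR_LEN || plen > BUF_MAX) {
            s->desynced = 1;                  /* framing lost; stop parsing */
            return -1;
        }
        if (s->used - off < plen)
            break;                            /* wait for more segments */
        if (on_pdu)
            on_pdu(s->buf + off, plen);
        off += plen;
        n++;
    }
    memmove(s->buf, s->buf + off, s->used - off);  /* keep the partial tail */
    s->used -= off;
    return n;
}
```

A length smaller than the header or larger than the buffer is treated as lost framing rather than skipped, since a stream parser that trusts such a value can loop forever or read past its data.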