Wireshark-dev: Re: [Wireshark-dev] Fwd: dissector question- reasembling packets
From: Guy Harris <[email protected]>
Date: Tue, 3 Mar 2009 01:38:22 -0800
On Mar 3, 2009, at 1:12 AM, יוני תובל wrote:

> I've implemented a dissector in the development version of Wireshark and it worked. When I placed the dissector's DLLs in the release version, the dissector failed. I've debugged it, and noticed that the function tcp_dissect_pdus behaves differently between both versions.
> I am using dynamic arrays in my messages.
> That means that it is a bit complicated to fetch the size of the packet from within the data.

Using dynamic arrays, in and of itself, doesn't make it complicated.   
You could have a protocol with variable-length arrays in the packet,  
but if, before sending a packet, the protocol implementation computes  
the full size of the packet, and writes that out at the beginning of  
the packet, you would only have to use that size field.
If the packet's size cannot be determined except by reading through  
the entire packet, then you cannot use tcp_dissect_pdus(), and might  
have to write your own code to reassemble packets.  tcp_dissect_pdus()  
was designed to handle the very-common case where a packet's length  
can be determined by looking at a small section of the beginning of  
the packet, and where the packet's length is never ever less than that  
small section; it's not appropriate for *all* protocols running over  
TCP - for example, Wireshark uses completely different mechanisms to  
reassemble HTTP.

> Therefore I am using the function like this:
> tcp_dissect_pdus(tvb, pinfo, tree, TRUE, fixed_size_to_ask, get_message_len, dissect_mprest_irondome_grds_interface);
> and each time I get a maximum size packet, I assume that the message
> is greater than 1460 bytes and I set fixed_size_to_ask = 1461.
> In the development version, the next tvb->length I receive is 1460
> + "size of the next packet".
> In the release version I receive the actual size I asked for, 1461.

What does your get_message_len routine - which must return the actual  
size of the packet - return?
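
The contract described in the reply above (a small fixed-size header from which the length callback returns the full PDU size, with the length never smaller than that header), as a stand-alone model. This is an added example, not code from the thread or from Wireshark; the 4-byte header layout, `stream_t`, `get_pdu_len` and `feed_segment` are hypothetical names and formats chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical framing, constructed for this example: 4-byte header whose
 * bytes 2..3 carry the total PDU length (header included), big-endian. */
#define HDR_LEN 4
#define BUF_MAX 4096

typedef struct {
    uint8_t  buf[BUF_MAX]; /* stream bytes received but not yet consumed */
    size_t   used;
    unsigned pdus;         /* complete PDUs seen so far */
    size_t   last_len;     /* size of the most recent complete PDU */
    int      malformed;    /* set once the length field is unusable */
} stream_t;

/* Sees only the fixed-size header; must return the size of the whole PDU. */
static size_t get_pdu_len(const uint8_t *hdr)
{
    return ((size_t)hdr[2] << 8) | hdr[3];
}

/* Feed one TCP segment. Returns the number of PDUs it completed, or -1. */
int feed_segment(stream_t *s, const uint8_t *seg, size_t n)
{
    int done = 0;
    if (s->malformed || n > BUF_MAX - s->used) { s->malformed = 1; return -1; }
    memcpy(s->buf + s->used, seg, n);
    s->used += n;
    while (s->used >= HDR_LEN) {           /* enough bytes to read the length */
        size_t len = get_pdu_len(s->buf);
        if (len < HDR_LEN || len > BUF_MAX) { s->malformed = 1; return -1; }
        if (s->used < len) break;          /* PDU continues in a later segment */
        s->pdus++; s->last_len = len; done++;  /* a dissector would run here */
        memmove(s->buf, s->buf + len, s->used - len);
        s->used -= len;
    }
    return done;
}

int main(void)
{
    static stream_t s;                     /* zero-initialised */
    static uint8_t data[2008];             /* constructed: 2000-byte PDU + 8-byte PDU */
    data[2] = 0x07; data[3] = 0xD0;        /* first length field = 2000 */
    data[2003] = 8;                        /* second length field = 8 */
    printf("%d\n", feed_segment(&s, data, 1460));
    printf("%d\n", feed_segment(&s, data + 1460, 548));
    return 0;
}
```

The fixed header size stays constant across calls; only the value returned by the length function varies per PDU, and a length smaller than the header is rejected instead of being used as a copy size.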