Wireshark-dev: Re: [Wireshark-dev] How to reassemble split TCP Packets - to group together with

From: "Tamas Somogyi" <tsomogyi@xxxxxxxxxxxxxxxxx>
Date: Fri, 17 Jul 2009 22:14:20 +0100
Hi Guy,

Thanks for your answer.

I see the point -as I also suspected- that tcp_dissect_pdus() is designed for use with one message at a time, and that explains the issue with tvb->length indeed. However, this makes no difference to the final goal, namely that even if I treat them one by one, I'd like to fill the info column with a complete description of all the contained messages.

I think it is a realistic expectation, as the main purpose of the info column is to show descriptive information on the content of the packet. Our users find it very useful if the info column is filled with detailed info - but only if (1) it is complete (i.e. includes both reassembled and full messages), and (2) smart, which means that it e.g. displays a short summary with the number of messages instead of appending dozens of message descriptions where only the first 30-40 characters can be seen on the screen.

I can see two solutions:
1. Extend the design of tcp_dissect_pdus() to call dissectors for the packet as described below.
2. Possibility to modify the existing content of a column. I'm thinking about adding a function to column-utils.c, let's call it col_modif_str(cinfo,el,str), which -instead of appending- overwrites the info up to the length of the existing string, if there's a fence. If there is no fence yet, it just sets the string by calling col_set_str(). It needs some more investigation on my side as I'm not familiar with such internal code, but it seems the easier way.

- Tamas




-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of Guy Harris
Sent: Fri 17/07/2009 18:54
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] How to reassemble split TCP Packets - to group together with full messages?

On Jul 17, 2009, at 4:06 AM, Tamas Somogyi wrote:

> I implemented my dissector according to Developer's Guide "9.4.2. How to
> reassemble split TCP Packets".
> In my dissector, get_foo_message_len() returns the size of full messages
> in tvb, if it is zero, then it returns the total size of split message.

get_foo_message_len() is supposed to return the size of the *single*
message at the specified offset in the tvbuff.

> In the above example, it returns the followings in successive calls:
> A1. Input: tvb->length=Size(P1),offset=0
> 	Return: Size(m1)+Size(m2)+Size(m3)

It should be returning Size(m1).

tcp_dissect_pdus(), by design and intent, calls your dissector for
each *message*, not for each *TCP segment*.  That requires the "get
PDU length" routine to return the length of a single message.

If you want the Info column for a TCP segment to reflect all messages
whose last byte appears in that segment, you would need to determine
which of those messages is the first one ending in the segment, in
that message set the Info column to the information about that
message, and in all other messages append information about that
message to the Info column.  I'm not sure how to determine which one
is the first.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

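The following is an added illustration, written for this archive page and not code from the thread or from Wireshark itself. It models the contract Guy describes (the "get PDU length" callback returns the length of the single message at the given offset, and the caller walks the segment one PDU at a time) and the per-message set/append of the Info column that Tamas wants to summarize. The tvbuff, column and tcp_dissect_pdus() stand-ins, the two-byte length-prefixed "FOO" wire format and the sample segment bytes are all constructed for the example; it also shows the two cases a real get_pdu_len path has to survive on untrusted input, a message split across segments (report how many bytes are missing) and a length field smaller than its own header (stop instead of looping forever).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed FOO wire format (an assumption for this example, not from the thread):
 * a 2-byte big-endian length that covers the header itself plus the payload. */
#define FOO_HEADER_LEN 2

/* Minimal stand-ins for Wireshark's tvbuff and the Info column. */
typedef struct { const uint8_t *data; size_t length; } tvb_t;
typedef struct { char text[160]; } info_col_t;

typedef struct {
    size_t messages_ended;   /* complete PDUs whose last byte lies in this segment */
    size_t bytes_needed;     /* bytes still missing for a trailing partial PDU (0 if none) */
    int    bad_length;       /* 1 if a PDU header claimed fewer bytes than the header itself */
} segment_result_t;

/* The "get PDU length" callback. As Guy's reply states, it returns the length of
 * the ONE message starting at offset, never the sum of all messages in the segment.
 * The caller guarantees FOO_HEADER_LEN bytes are present at offset. */
static size_t get_foo_message_len(const tvb_t *tvb, size_t offset) {
    return ((size_t)tvb->data[offset] << 8) | tvb->data[offset + 1];
}

/* Column helpers modelled on col_set_str()/col_append_str(): the first message
 * ending in a segment sets the text, later ones append. */
static void col_set(info_col_t *c, const char *s) {
    snprintf(c->text, sizeof c->text, "%s", s);
}
static void col_append(info_col_t *c, const char *s) {
    size_t used = strlen(c->text);
    snprintf(c->text + used, sizeof c->text - used, "%s", s);
}

/* Per-message dissector: called once per complete PDU with a tvb that spans exactly
 * that PDU, which is how tcp_dissect_pdus() invokes a real dissector. */
static void dissect_foo_message(const tvb_t *msg, info_col_t *col, size_t index_in_segment) {
    char buf[32];
    snprintf(buf, sizeof buf, "%slen=%zu", index_in_segment == 0 ? "FOO " : ", ", msg->length);
    if (index_in_segment == 0) col_set(col, buf); else col_append(col, buf);
}

/* Model of tcp_dissect_pdus(): walk one TCP segment one PDU at a time. */
static segment_result_t dissect_segment(const tvb_t *seg, info_col_t *col) {
    segment_result_t r = {0, 0, 0};
    size_t offset = 0;
    col->text[0] = '\0';
    while (offset < seg->length) {
        size_t remaining = seg->length - offset;
        if (remaining < FOO_HEADER_LEN) {      /* header itself is split: need more bytes */
            r.bytes_needed = FOO_HEADER_LEN - remaining;
            break;
        }
        size_t plen = get_foo_message_len(seg, offset);
        if (plen < FOO_HEADER_LEN) {           /* untrusted length field: refuse, don't loop */
            r.bad_length = 1;
            break;
        }
        if (plen > remaining) {                /* body is split: defer to reassembly */
            r.bytes_needed = plen - remaining;
            break;
        }
        tvb_t msg = { seg->data + offset, plen };
        dissect_foo_message(&msg, col, r.messages_ended);
        r.messages_ended++;
        offset += plen;
    }
    return r;
}

/* Constructed segment P1: m1 (5 bytes), m2 (4 bytes), then only the first 3 bytes of
 * m3, whose header announces 6 bytes. */
static const uint8_t sample_p1[] = {
    0x00, 0x05, 'a', 'b', 'c',
    0x00, 0x04, 'd', 'e',
    0x00, 0x06, 'f'
};

/* Constructed bad segment: a length field of 1, smaller than the 2-byte header. */
static const uint8_t sample_bad[] = { 0x00, 0x01, 'x' };

static segment_result_t run_sample_p1(info_col_t *col) {
    tvb_t seg = { sample_p1, sizeof sample_p1 };
    return dissect_segment(&seg, col);
}

static segment_result_t run_sample_bad(info_col_t *col) {
    tvb_t seg = { sample_bad, sizeof sample_bad };
    return dissect_segment(&seg, col);
}

int main(void) {
    info_col_t col;
    segment_result_t r = run_sample_p1(&col);
    printf("P1: %zu message(s) ended, %zu byte(s) missing, Info=\"%s\"\n",
           r.messages_ended, r.bytes_needed, col.text);
    r = run_sample_bad(&col);
    printf("bad: bad_length=%d\n", r.bad_length);
    return 0;
}
```

Run as written, the first sample yields two complete messages, three bytes outstanding for m3, and an Info text of "FOO len=5, len=4"; the count in messages_ended is the figure Tamas's "N messages" summary would be built from, and the loop knows which message is the first to end in the segment because it hands that index to the per-message dissector.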