Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Defragmenting non-tcp streams

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 7 Jan 2010 02:09:43 -0800
On Jan 7, 2010, at 1:48 AM, paul@xxxxxxxxxxxxxx wrote:

> TCP has a tcp_dissect_pdus() function that higher protocols can use
> to  eliminate their dependency on the TCP framing. Is there anything
> generic for other layers?

I.e., for other byte-stream-oriented layers?  tcp_dissect_pdus() resides atop lower-level reassembly code in the TCP dissector; a similar lower-level reassembly mechanism exists in the SSL/TLS dissector.  There's currently no generic code used by both the TCP and SSL/TLS dissector; I have not looked at whether such a generic mechanism could be provided.

The TCP and SSL/TLS mechanism use the same reassembly code (in epan/reassemble.c) that other reassembly code (e.g., IP fragment reassembly) uses, but, for protocols implemented atop byte-stream transports, reassembly requires cooperation between the transport layer and the protocol running atop it (unlike, for example, IP fragment reassembly).