Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Defragmenting non-tcp streams

Date: Thu, 7 Jan 2010 07:24:21 -0500
On Thu, Jan 07, 2010 at 04:05:14AM -0800, Guy Harris wrote:
> 
> On Jan 7, 2010, at 3:45 AM, paul@xxxxxxxxxxxxxx wrote:
> 
> > Well, I am reassembling the packets in a burst transfer, but first of all
> > I have to reassemble the bytes in the USB transfer which is just a byte
> > stream.
 
> OK, so those (reassembling the bytes in the USB transfer, and
> reassembling the packets in a burst transfer) should be done as separate
> levels of reassembly.  (I speak here from experience, having fixed the
> TDS dissector in a similar fashion a while ago; it also deals with two
> layers of reassembly, which it originally tried doing at one level -
> that had a number of bugs, fixed by doing the two layers separately.)

At the moment my "attempts" are separate. I'm only trying to handle
multiple ANT packets in one USB packet at the moment, but it's not
a very clean method...
 
> At the "ANT running atop USB" layer, how do you get the packet boundaries?

At the moment, I'm just searching for a sync byte (A4) that doesn't
occur within an existing ANT packet. Later I could also check that
the length is reasonable (<= 13), the message id is valid, and the
checksum is valid, but that means I'd lose decoding any partially
corrupt packets (probably not a big deal).

Due to the way that ANT works, packets are sent at a certain rate
which means that the majority if the time, a single USB packet
would contain a single aligned ANT packet, but burst transfers
(and maybe some others) allow multiple ANT packets to be sent
consecutively. Since ANT is a serial protocol, USB is just being
used as a serial-USB-serial transport, so I shouldn't rely on
any layering at all.

I'll take a look at the TDS dissector and see if it gives me
some ideas.

Thanks,

Paul