On Fri, Mar 17, 2000 at 04:21:32PM -0600, Pawel Jasinski wrote:
>
>
> I wonder if ethereal has any generic support for protocols which spread
> their payload over multiple UDP packets ?
No it doesn't. That's one of the major things we want to provide for,
at least in some limited fashion, before the 1.0 release. I want to
at the minimum unfragment fragmented IP packets, and be able to send
the resulting large packet back through the protocol dissection
routines.
> The options I can see are:
> - follow the model of "Follow TCP stream" and build similar "Follow ts
> pid" (I don't think it is generic way, but looks better than my next
> option)
It's not generic; it handles only TCP re-assembly.
> - continue what I have done so far, and use regular dissect routines
> (requires some data to be preserved between dissect invocation). I made
> assumption that dissect routines are invoked in order of packet arrival
> (no sure).
Yes, they're processed in order. During the initial pass,
'tree' is set to NULL, so the proto dissection routines only parse enough info
to put into the list of packets. When a packet is selected via the GUI, or
when a display filter is being processed, the proto dissection routine is
called again, but this time with 'tree' pointing to something, telling
the dissector that it needs the decode information.
> - once the last chunk of the DCII packet is detected, I can try to trace
> back all the pieces and add a virtual packet to the panel (need some
> neat gui linking among all packets involved).
Yep. #3 is the way to go. It needs to be optional.. One view shows all
fragmented packets normally, another view shows packets unfragmented
as much as possible.
--gilbert
