alok wrote:
I have a TCP data stream which is split across 2 packets/frames.
What i need to do is run the dissector across the "2 packets".
In other words, I get the Information version and length in packet 1 but
I need to go further down and dissect over the remaining packet.
Any suggestions on what is the best method?
Use tcp_dissect_pdus().
You need to
1) come up with a length value large enough to include the information
version and length (or enough information to compute the length) and
small enough not to be larger than any packet;
2) write a routine that, given a tvbuff containing at least that number
of bytes, reads data from the packet with the tvb_get_ routines and
returns the total length of the packet (*including* the header);
3) write a routine that, given a tvbuff that contains all of a single
packet in your protocol and no extra data, will dissect that packet;
and then have the TCP dissector for your protocol call
tcp_dissect_pdus(), handing it the length value, the "get packet length"
routine, and the "dissect one PDU" routine. That routine will not only
handle reassembly for you (as you ask for above), it'll also handle the
case of multiple PDUs in your protocol within a *single* TCP segment.
If you want, you can add a preference setting to control whether to
reassemble PDUs for your protocol or not, and hand that setting to
tcp_dissect_pdus(); otherwise, you can just hand TRUE to it.
