Ethereal-dev: [Ethereal-dev] Is it possible avoid segmentation?
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
Hi guys,
I'm currently working on a customer project which involves decoding a proprietary protocol running on top of the TCP layer.
This protocol (TCP payload) consists of a fixed-length header with a payload sometimes bigger than 4 Kbyte.
This message will be sent on a gigaethernet network at a very high transmission rate.
I have already implemented a prototype using the Ethereal protocol dissector plugin API.
I have tested it on an Ethernet network: sending small messages on a socket without TCP_NODELAY, so that all my small messages are seen as a unique TCP payload and collected in segmented packets whose size is 1448 bytes.
I have fragmented the packet and shown the tree of every single small message, but I can't filter only one message inside the packet without seeing the others belonging to the same packet.
My customer doesn't want to see any segmentation and wants to be able to filter any message, so I thought to act at a low level when packets are captured:
for every single packet captured I can determine which bytes belong to my protocol and build a new packet in which my message is the UDP payload of a fake UDP packet (it can show its payload without segmentation).
By reading Readme design and capture, I thought to insert a library working after a temp wirecap file is created and before dissection is launched, but checking the code I cannot find that step.
Any help is appreciated.
If you have a smarter idea or can suggest some dissectors which implement something similar to what I need, it is appreciated too.
Thanks in advance,
cristian