Wireshark-dev: [Wireshark-dev] Advice needed: desegmentation

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Thu, 17 Aug 2006 16:15:55 -0700
I am working on the dissector for the VNC protocol.  I am trying to 
figure out what the best way to reassemble one message type that spans 
multiple TCP segments.  I have come across two different methods in 
other dissectors: one that is in the developer's guide using 
tcp_dissect_pdus() and the other that sets pinfo->desegment_offset and 
pinfo->desegment_len.

I'm not sure which (if either) of the above will work due to the way 
these messages are sent.  The message has multiple rectangle updates 
with different types of encoding for each and then pixel data.  The 
length of pixel data in each message depends on the parameters of 
that rectangle update (width x height) and its encoding type.  I don't 
know how many bytes will span across to the next segment until I reach 
the last rectangle update of the current segment.

I need to be able to keep extending the reassembly by another packet as 
I go through each packet.  There is no field that tells me how many 
segments it will span.  For example, packet #1 may have 10 rectangle 
updates and the 10th spans into the next segment.  Once I get to the 
next segment, it may have another 10 with the final rectangle update 
spanning to the next segment.  This may go on for 10-15 packets.  I would 
prefer that each of these turn into "tcp segment of a reassembled PDU" 
and the final one be the normal dissection of all of the rectangle 
updates put end to end.

Which desegmentation method is best and will work in this case?  Any 
advice would be greatly appreciated!


Thanks,
  Steve
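
The incremental "complete, or wait for more bytes?" decision described in the message above, as an added example that is not part of the original post and is not Wireshark code. It assumes the RFB FramebufferUpdate layout noted in the comment (not given on the page), handles only the Raw and CopyRect encodings, and all names (`scan_fb_update`, `scan_status`, `sample_update`) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout (RFB FramebufferUpdate; not given on the page):
 * type(1) pad(1) nrects(2), then per rectangle x(2) y(2) w(2) h(2)
 * encoding(4, big-endian) followed by encoding-specific data. */
enum { ENC_RAW = 0, ENC_COPYRECT = 1 };
enum scan_status { SCAN_COMPLETE, SCAN_NEED_MORE, SCAN_UNSUPPORTED };

static uint32_t be16(const uint8_t *p) { return ((uint32_t)p[0] << 8) | p[1]; }
static uint32_t be32(const uint8_t *p) { return (be16(p) << 16) | be16(p + 2); }

/* Constructed sample: 2 rectangles, Raw 2x1 at 4 bytes/pixel, then CopyRect. */
static const uint8_t sample_update[40] = {
    0, 0, 0, 2,
    0, 0, 0, 0, 0, 2, 0, 1, 0, 0, 0, 0,  1, 2, 3, 4, 5, 6, 7, 8,
    0, 0, 0, 0, 0, 2, 0, 1, 0, 0, 0, 1,  0, 9, 0, 9 };

/* Walk buf[0..len). SCAN_COMPLETE: *pdu_len is the whole message length.
 * SCAN_NEED_MORE: *pdu_len is the least length known to be required so far;
 * the caller waits for more bytes and rescans from the message start. */
enum scan_status scan_fb_update(const uint8_t *buf, size_t len,
                                unsigned bytes_per_pixel, uint64_t *pdu_len)
{
    uint64_t off = 4;                        /* fixed message header */
    *pdu_len = off;
    if (len < off) return SCAN_NEED_MORE;
    uint32_t nrects = be16(buf + 2);
    for (uint32_t i = 0; i < nrects; i++) {
        *pdu_len = off + 12;                 /* rectangle header */
        if (len < off + 12) return SCAN_NEED_MORE;   /* check before reading */
        uint64_t w = be16(buf + off + 4), h = be16(buf + off + 6), data;
        switch (be32(buf + off + 8)) {
        case ENC_RAW:      data = w * h * bytes_per_pixel; break; /* 64-bit math */
        case ENC_COPYRECT: data = 4; break;
        default:           return SCAN_UNSUPPORTED;  /* length not computable */
        }
        off += 12 + data;                    /* header plus encoded data */
        *pdu_len = off;
        if (len < off) return SCAN_NEED_MORE;
    }
    return SCAN_COMPLETE;
}
```

Every read is preceded by a length check against the bytes actually captured, and the Raw size is computed in 64 bits so a 65535 x 65535 rectangle cannot wrap the offset.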