On Apr 22, 2009, at 1:29 PM, gogrady@xxxxxxxxx wrote:
no sorry, any count (bnp, or ie count) is only the data. so if a bnp
message was actually 10 bytes long, the count would be 7.
Yes, that's what I said - a 3-byte BNP header and 250 bytes of BNP
data would have a count in the BNP header of 250, and the total length
of the packet, including the BNP header and the BNP data, would be 253.
Therefore, to reassemble BNP packets - not to reassemble multi-message
stuff, just to reassemble the BNP header and data - you would use
tcp_dissect_pdus() in the dissector that handles the BNP header. The
fixed-length portion size handed to tcp_dissect_pdus() would be 3, to
cover the BNP header, and the get_pdu_len routine would fetch the byte
count from the BNP header, add 3 to it, and return the sum.
The dissector routine called by tcp_dissect_pdus() will be handed one
BNP message - header plus data - at a time. That is exactly what it
is supposed to do, and what it should be doing. It would dissect the
BNP header, and then process the data appropriately. That might
involve doing its own reassembly, over and above the BNP-message
reassembly being done by the TCP dissector and tcp_dissect_pdus(), for
the multi-message stuff.
