Wireshark-dev: Re: [Wireshark-dev] How to reassemble split TCP Packets - to group together with
On Jul 17, 2009, at 4:06 AM, Tamas Somogyi wrote:
> I implemented my dissector according to Developer's Guide "9.4.2. How to
> reassemble split TCP Packets".
> In my dissector, get_foo_message_len() returns the size of full messages
> in tvb, if it is zero, then it returns the total size of split message.

get_foo_message_len() is supposed to return the size of the *single*
message at the specified offset in the tvbuff.

> In the above example, it returns the following in successive calls:
> A1. Input: tvb->length=Size(P1),offset=0
> Return: Size(m1)+Size(m2)+Size(m3)

It should be returning Size(m1).

tcp_dissect_pdus(), by design and intent, calls your dissector for
each *message*, not for each *TCP segment*. That requires the "get
PDU length" routine to return the length of a single message.
If you want the Info column for a TCP segment to reflect all messages
whose last byte appears in that segment, you would need to determine
which of those messages is the first one ending in the segment, in
that message set the Info column to the information about that
message, and in all other messages append information about that
message to the Info column. I'm not sure how to determine which one
is the first.
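
The per-message contract described in the reply above, as an added stand-alone example (not code from the post or from Wireshark). It assumes a hypothetical framing of a 2-byte big-endian length prefix that counts the header; `split_foo_pdus()`, `count_msg()`, `demo_count()` and the sample bytes are constructed for illustration and only model the kind of loop a per-PDU helper runs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FOO_HDR_LEN 2 /* assumption: 2-byte big-endian length that counts the header */
typedef void (*foo_dissect_fn)(const uint8_t *msg, size_t len, void *ctx);

/* Length of the *single* message that starts at offset; never a sum of several. */
static size_t get_foo_message_len(const uint8_t *buf, size_t offset)
{
    return ((size_t)buf[offset] << 8) | buf[offset + 1];
}

/* Hypothetical stand-in for the per-message loop: calls dissect() once per
 * complete message, returns the bytes consumed, and sets *need to the number
 * of bytes still missing for the next message (0 if none is pending). */
static size_t split_foo_pdus(const uint8_t *buf, size_t len,
                             foo_dissect_fn dissect, void *ctx, size_t *need)
{
    size_t offset = 0;
    *need = 0;
    while (offset < len) {
        size_t avail = len - offset;
        if (avail < FOO_HDR_LEN) { *need = FOO_HDR_LEN - avail; break; }
        size_t pdu_len = get_foo_message_len(buf, offset);
        if (pdu_len < FOO_HDR_LEN) break;  /* malformed length: stop, do not spin */
        if (pdu_len > avail) { *need = pdu_len - avail; break; }
        dissect(buf + offset, pdu_len, ctx);
        offset += pdu_len;
    }
    return offset;
}

static void count_msg(const uint8_t *msg, size_t len, void *ctx) { (void)msg; (void)len; ++*(int *)ctx; }

/* Constructed segment: m1 (4 bytes), m2 (3 bytes), first 3 of m3's 6 bytes. */
static const uint8_t P1[] = { 0, 4, 'a', 'b', 0, 3, 'c', 0, 6, 'd' };
static int demo_count(size_t *consumed, size_t *need)
{
    int n = 0;
    *consumed = split_foo_pdus(P1, sizeof P1, count_msg, &n, need);
    return n;
}

int main(void)
{
    size_t consumed, need;
    int n = demo_count(&consumed, &need);
    printf("%d messages, %zu bytes consumed, %zu more needed\n", n, consumed, need);
}
```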