Ethereal-dev: RE: [Ethereal-dev] Dissecting a conversation.
>>That is avoid managing the reassembly of the TCP segments.
Managing the reassembly of TCP segments is not that daunting of a task.
Just follow Guy Harris's instructions:
--------------------------------------
Use the "tcp_dissect_pdus()"
routine, which takes, as arguments:
the tvbuff for the TCP segment being dissected;
the pinfo value for the packet;
the protocol tree pointer for the packet;
a Boolean value that's TRUE if packets split between TCP
segments should be reassembled and FALSE if they shouldn't be
reassembled (this is typically a user-configurable preference
variable);
the number of bytes of header needed in order to get the data
that tells you how big the message is;
a pointer to a routine that's handed a tvbuff pointer and an
offset in that tvbuff, where the offset is the offset of the
beginning of a header, and returns the total size of the packet
based on the data in the header (total size *including* the
header!);
a pointer to a routine to dissect a single message for your
protocol, which gets handed the usual arguments for a dissector
function - the tvbuff starts at the beginning of the message.
See, for example, "packet-dns.c".
**************************
Nik Kolev
Drexel University
Major: Computer Science
nak26@xxxxxxxxxx
**************************