Wireshark-dev: Re: [Wireshark-dev] How to reassemble split TCP Packets - to group	together with
      
      
On Jul 17, 2009, at 4:06 AM, Tamas Somogyi wrote:
I implemented my dissector according to Developer's Guide "9.4.2.  
How to
reassemble split TCP Packets".
In my dissector, get_foo_message_len() returns the size of full  
messages
in tvb, if it is zero, then it returns the total size of split  
message.
get_foo_message_len() is supposed to return the size of the *single*  
message at the specified offset in the tvbuff.
In the above example, it returns the followings in successive calls:
A1. Input: tvb->length=Size(P1),offset=0
	Return: Size(m1)+Size(m2)+Size(m3)
It should be returning Size(m1).
tcp_dissect_pdus(), by design and intent, calls your dissector for  
each *message*, not for each *TCP segment*.  That requires the "get  
PDU length" routine to return the length of a single message.
If you want the Info column for a TCP segment to reflect all messages  
whose last byte appears in that segment, you would need to determine  
which of those messages is the first one ending in the segment, in  
that message set the Info column to the information about that  
message, and in all other messages append information about that  
message to the Info column.  I'm not sure how to determine which one  
is the first.