Wireshark-dev: Re: [Wireshark-dev] tcp_dissect_pdus. get reassemble TCP
From: Bill Meier <wmeier@xxxxxxxxxxx>
Date: Mon, 15 Oct 2012 14:39:16 -0400
On 10/15/2012 11:05 AM, Bill Meier wrote:
Hi Bill, I didn't finish the code, now i'm testing the function
tcp_dissect_pdus() to check whether it works. But i try to give specific
code in the below comment. besides that I have two questions: 1. I
cannot get the len in advance, for the protocol didn't give it... is
there any other way to get it? 2. for test, i set the return value of
get_foo_message_len fixed, like 2000. but the data i get is not
consecutive? confused...

===========

OK:

2. Re: "I cannot get the len in advance"

    What determines when you have a complete PDU (which presumably
    consists of TCP payload data which may extend over several packets).



Also: depending upon the exact format of your PDUs, it may not be possible to use tcp_dissect_pdus() (since that approach requires some way of determining the actual length of the PDU from information in an initial part of the PDU).

If using tcp_dissect_pdus() is not possible, a significantly more complex solution is required.

Reading through doc/README.developer, section 2.7.2, and thru the following message thread may help.

https://www.wireshark.org/lists/wireshark-dev/200609/msg00174.html